Haystack

Can someone PM me, trying to get LFI to work. Want to make sure I’m on the right path.

Can someone pm me for root.I think i’m on last step k***a lsh

Hmm. Still struggling with root. I think that I already created what is needed to get shell, but it’s not being executed. Any help will be appreciated.

PP

hello guys, how do we get into the machine ? i see ssh open, do we bruteforce it ? THANKS!

I have user and have gotten myself my initial foothold as s*******. For root I have tried enumerating the system and have found K***** but am having trouble finding the next step. If someone could PM me I’d be very appreciative! I will edit this post if I solve it, so if I’ve not edited it then I am still stuck.

do you guys bf ftp ? thanks!

Spoiler Removed

Hi guys… can i have a helping hand here? I have managed to find what’s on port 80 and have found the 4 indices on ES but not too sure where you guys have found the username needed?

anyone with hint for the root?

Any hints on whats next after decoding the base64 and finding the message ?

Type your comment> @hxmo said:

Any hints on whats next after decoding the base64 and finding the message ?

log in and kill the user ?

Type your comment> @el3ctr0 said:

Type your comment> @hxmo said:

Any hints on whats next after decoding the base64 and finding the message ?

log in and kill the user ?

:open_mouth:

@hxmo make sure you enumerate the box. From there you will find the next step.

Type your comment> @zac777 said:

@hxmo make sure you enumerate the box. From there you will find the next step.

yeah im sure ive enumerated all, the encoded message was actually the last thing i found after enuming everything possible - will need to go back to the box and see what i can think of that message meaning

Does anyone else have an issue with reconnecting the shell as k*****? If I try to get a more interactive shell or close it by mistake, rerunning my LFI doesn’t reestablish the connection.

EDIT: resetting the box helps, but not ideal

changing the name over your s****.j* allows the connection to reconnect.

can anyone help me for user?

What a box! Getting root shell was the best part and yes, Trying Harder works!!

Rooted.
For user: read docs and play with the query :smiley:
For root: you need to become banana first :anguished:

Finally rooted. I liked both user and privesc parts, but really unstable box, I needed to reset many times while privesc. Anyway thanks for l****h gk hints.

Can anyone help me with the LFI please?