Haystack

@hxmo said:

Any hints on what’s next after decoding the base64 and finding the message?

log in and kill the user?

@el3ctr0 said:

@hxmo said:

Any hints on what’s next after decoding the base64 and finding the message?

log in and kill the user?

:open_mouth:

@hxmo make sure you enumerate the box. From there you will find the next step.

@zac777 said:

@hxmo make sure you enumerate the box. From there you will find the next step.

Yeah, I’m sure I’ve enumerated all; the encoded message was actually the last thing I found after enumerating everything possible - will need to go back to the box and see what I can think of that message meaning

Does anyone else have an issue with reconnecting the shell as k*****? If I try to get a more interactive shell or close it by mistake, rerunning my LFI doesn’t reestablish the connection.

EDIT: resetting the box helps, but not ideal

changing the name over your s****.j* allows the connection to reconnect.

can anyone help me for user?

What a box! Getting root shell was the best part and yes, Trying Harder works!!

Rooted.
For user: read docs and play with the query :smiley:
For root: you need to become banana first :anguished:

Finally rooted. I liked both user and privesc parts, but really unstable box, I needed to reset many times while privesc. Anyway thanks for l****h gk hints.

Can anyone help me with the LFI please?

@thegoatreich said:

Can anyone help me with the LFI please?

is there any LFI??

anyone know how to trigger l******h into doing useful stuff? I can see two possible ways of getting what I want, but cannot trigger either

Never mind, it triggered :slight_smile: rooted!!

not a bad box, but not my favourite

@MrBlackHat said:

@thegoatreich said:

Can anyone help me with the LFI please?

is there any LFI??

From what I’ve read yes. But I can’t get it to work.

I’m in the last priv step. I got k**** user and I found an interesting conf file. Could anybody help me with a right path???

@n1b1ru said:

I’m in the last priv step. I got k**** user and I found an interesting conf file. Could anybody help me with a right path???

I got root flag

Can I get a nudge to get k*****? I’m trying the L** exploit to no avail. Is this even the right path?

Got user, working on root. Def not my favorite box so far. Best hints I can give for user are:

The image is important. There’s more to it than what the eye can see…

Learn HOW to search the DB once you get there and know what you’re looking for when you get the results.

Anyone mind nudging me on how to make l******h do its thing?

@thegoatreich said:

Can anyone help me with the LFI please?

PM me if you are still stuck