Haystack

Type your comment> @SleepyKaze said:

Hi. Can anyone provide me some hints on how to escalate s**y user to ka user? Really appreciate

check for known vulnerabilities in kibana

Hi, I believe I have root and I am the second user currently. However, I am running into an odd error message coming up:

"OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N "

when I run my command.

Could someone help me out as I can’t edit the file that has that config option in it so I’m not sure how I can get around this error… could I get a PM from someone who has root on this box for some help please?

Thanks

It’s a really good box to learn how to target specific application to hack.

Big hint:
Do a lot of research on the main application of this box both user and root.

Nice and relatively easy box - esp. compared to the nightmare of Ghoul I did before.

Stick to the roots of what you find, do some research of the api on the upper port and find the needle in that haystack :wink:

for root: There’s no need to change any config! If you do you (and all others!) won’t succeed. Read what you find in that specific dir after getting another user, do some more research and put all together. It’s quite straight forward.

As always: PM for nudges :slight_smile:

i am no able to go banana’s. any hint would be appreciated

For privesc, please don’t copy the root.txt to /tmp!

Hey I am stuck and could use a nudge. Can someone help me figure out how to trigger this ■■■■ sh**l. I’m trying to get the k****a user. Thanks

PM me for help anyone.

I need some nudging on privesc from the k****a user. Checked general linux privesc items but not seeing anything that stands out

got root
PM for nudges

hello all. I am in as k****a I can see a thing that is running and uses input and out files. I have been trying to create my own but no luck. Can someone PM me a nudge?

Many Thanks

Rooted. Pretty much all you need has already been said in this discussion. Feel free to PM if you get stuck

Got Root.

Thank you @thegoatreich for your help. Just needed that extra little bit and you helped me get there!

Type your comment> @odinshell said:

Type your comment> @SleepyKaze said:

Hi. Can anyone provide me some hints on how to escalate s**y user to ka user? Really appreciate

check for known vulnerabilities in kibana

Thanks for the hint. finally knew how to escalate to k***a user…now onto the last step of root

i dumped the db . What should i do next . What should i look for

@moiatahacke said:

i dumped the db . What should i do next . What should i look for

find the needle.
I have done it … sometimes you only need luck to find it fast, i dont had it.

translate.google.to may help but will need time.

now i m stuck. Dont know how to use my “findings”.
Please PM me.

@Elan0r use your findings to access lower port

I got k****a but i don’t know how to escalate any further can someone give me a little nudge

Type your comment> @Digsy said:

I got k****a but i don’t know how to escalate any further can someone give me a little nudge

Check if there is any new folders you can read as k****a user and view the processes run by root. See if you can link any of them together and try to root from there

I will give some hints:

  • User : Image is important to get a hint, but is not necessary to get into User. Enumeration is the key, try to play with the high port like an API. You can use curl, in my case Burp’s Intruder help me a lot. A little knowledge of Spanish is helpful :wink:

  • Root: After accesing user, try to do a common enumeration, then try to access new resources. There is a common vulnerability, try to exploit different from the PoC (does not work and you will lose quite time), try some other attack vectors of the same vulnerability. After this, reading configuration is important (but you will not find some keys :wink: ) you have to understand what is performed and how to take advantage of it.

Hope I am not spoiling.