Haystack


Comments

  • Nice and relatively easy box - esp. compared to the nightmare of Ghoul I did before.

    Stick to the roots of what you find, do some research of the api on the upper port and find the needle in that haystack ;)

    for root: There's no need to change any config! If you do you (and all others!) won't succeed. Read what you find in that specific dir after getting another user, do some more research and put all together. It's quite straight forward.

    As always: PM for nudges :)

  • I am not able to go bananas. Any hint would be appreciated.

  • For privesc, please don't copy the root.txt to /tmp!

  • Hey I am stuck and could use a nudge. Can someone help me figure out how to trigger this damn sh**l. I'm trying to get the k****a user. Thanks

  • PM me for help anyone.

  • I need some nudging on privesc from the k****a user. Checked general linux privesc items but not seeing anything that stands out

  • got root
    PM for nudges

  • hello all. I am in as k****a I can see a thing that is running and uses input and out files. I have been trying to create my own but no luck. Can someone PM me a nudge?

    Many Thanks

  • Rooted. Pretty much all you need has already been said in this discussion. Feel free to PM if you get stuck

  • Got Root.

    Thank you @thegoatreich for your help. Just needed that extra little bit and you helped me get there!

  • @odinshell said:
    > @SleepyKaze said:
    > > Hi. Can anyone provide me some hints on how to escalate s******y user to k****a user? Really appreciate
    >
    > check for known vulnerabilities in kibana

    Thanks for the hint. finally knew how to escalate to k***a user...now onto the last step of root

  • I dumped the db. What should I do next? What should I look for?

  • @moiatahacke said:
    > I dumped the db. What should I do next? What should I look for?

    find the needle.
    I have done it .. sometimes you only need luck to find it fast, I didn't have it.

    translate.google.to may help but will need time.

    Now I'm stuck. Don't know how to use my "findings".
    Please PM me.

  • @Elan0r use your findings to access lower port

  • I got k****a but i don't know how to escalate any further can someone give me a little nudge

  • @Digsy said:
    > I got k****a but i don't know how to escalate any further can someone give me a little nudge

    Check if there is any new folders you can read as k****a user and view the processes run by root. See if you can link any of them together and try to root from there

  • I will give some hints:

    • User : Image is important to get a hint, but is not necessary to get into User. Enumeration is the key, try to play with the high port like an API. You can use curl, in my case Burp's Intruder helped me a lot. A little knowledge of Spanish is helpful ;)

    • Root: After accessing user, try to do a common enumeration, then try to access new resources. There is a common vulnerability, try to exploit it differently from the PoC (it does not work and you will lose quite some time), try some other attack vectors of the same vulnerability. After this, reading configuration is important (but you will not find some keys ;) ) you have to understand what is performed and how to take advantage of it.

    Hope I am not spoiling.

    leonishan

  • ROOTED.
    Special thanks to @hoodedfigure

    User:
    1- Check out the unsecured port - it is hiding something for you
    2- Enumerate the higher port and check what directories are there
    3- Dump the garbage using the rubberband and you will get worthy information
    4- You know what is the next step
    P.S "translate what you found into Spanish and find the needle"

    Root:
    1- You don't have enough power to do something with this user, get higher privs. Execute that vulnerability from within
    2- Got power? check what you can read with your power!
    3- Follow the three musketeers and see where they lead you to
    P.S "there is a good debugger out there, use it"

  • Finally rooted. That was harder than I expected from a 20-point box.
    PM if you need hint :)

  • I got this long command that I think will trigger l******h but it doesn't seem to work. Do I have to change something in the command or does my c**f file need to be named something specific? Help is much appreciated!

  • I'm stuck there too, I guess yes, but no fkn clue what 😂

    OSCP
    el3ctr0

  • edited July 2019
    Tips: Don't overthink and just focus on something in front of you. PM if you need hint :)

    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837

  • edited July 2019

    Finally rooted the box!
    This was really tough, everything is right in front of you, you just need to dig deeper.

    If you haven't noticed yet, español es muy importante para hackear este caja. However, I myself have only a rudimentary knowledge of Spanish and didn't feel like deciphering every line I see.

    In case you too would like to feel comfortable with this box, I suggest the following.

    export LANG=en_US.UTF8
    (If you don't speak English, have no fear! On your own terminal, type locale. Now you can see what language you currently have set!)

    I, personally, would also recommend
    export TERM=xterm-256color
    alias ls='ls --color=auto'

    more information as to how languages work in linux can be found here https://www.tecmint.com/set-system-locales-in-linux/

    The other stuff is to add a more "homey" feel to the shell. I suggest taking a look at this post here.
    https://forum.hackthebox.eu/discussion/142/obtaining-a-fully-interactive-shell

    Hope this helps! Good luck!

    User: The answer really is right in front of you. Keep digging! As some have said, if you find a password, the username shouldn't be too far away.

    Root: You really need to do your homework for this one. Learn everything you can about what can be run. If you look at other comments, you can see that privesc is required. Once achieved, see what files and directories are now accessible to you that you didn't previously have! Read everything you can, learn all that you must, and have fun.

    (Hopefully this all isn't too much information, I just think the language knowledge and resources would be beneficial)

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • @vmonem said:
    > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
    >
    > Any Hints on PM will be appreciated.

    I'm in the same boat, did you get any further??

  • @Sav said:
    > @vmonem said:
    > > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
    > >
    > > Any Hints on PM will be appreciated.
    >
    > I'm in the same boat, did you get any further??

    You will notice the strange things in there. Just focus and be careful when reading that.

    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837

  • I'm pretty close to k****a user, but something goes wrong with my js... any hint/help?

  • edited July 2019
    @petruknisme said:
    > @Sav said:
    > > @vmonem said:
    > > > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
    > > >
    > > > Any Hints on PM will be appreciated.
    > >
    > > I'm in the same boat, did you get any further??
    >
    > You will notice the strange things in there. Just focus and be careful when reading that.

    It seems like they have difference...And this difference confuses me...
    Or (I'm not sure) I should pass with those somewhere..?

  • edited July 2019

    Tough box. The three files and the Ejecutar space are killing me.

  • Grok is your friend

  • Hey I am running into an issue with my command for root. I am getting back this error when I run it: NS_HOME environment variable is not set. Can someone help me to fix this issue?
