> @Refenn said:
> Type your comment> @petruknisme said:
> > Type your comment> @Sav said:
> > > Type your comment> @vmonem said:
> > > > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
> > > >
> > > > Any Hints on PM will be appreciated.
> > >
> > > I m on the same boat, did you get any further??
> >
> > You will notice the strange things in there. Just focus and be careful when reading that.
>
> It seems like they have difference...And this difference confuses me...
> Or (I'm not sure) I should pass with those somewhere..?
If you confuse reading that file with editor, try to use json beautifier and then look at the strange things
Type your comment> @petruknisme said:
> If you confuse reading that file with editor, try to use json beautifier and then look at the strange things
No, I mean I'm confused with pass. The user is ok, but when I try to use some algorithms to pass, it becomes very strange.
It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, i think you can reveal pass too. I hope I'm not spoling this.
Hey everyone,
I found the low port "needle" and found the high port "user", decrypted both and I am stuck. I am searching the json files b* and q* like a madman but don't seem to find the last piece of the puzzle. I really need a pointer into the right direction.
sometimes the privesc for k**** user works with reverse shell but sometimes doesn't work. Is it normal? i'm tired for trying 100 times for one shell. Help pls
sometimes the privesc for k**** user works with reverse shell but sometimes doesn't work. Is it normal? i'm tired for trying 100 times for one shell. Help pls
Try renaming your shell. I was finding that if I disconnected the shell I had to rename to get it to reconnect.
I've got the k******* powerup, but now I'm completely lost on where to go next, i've heard mention of three files and a service but I can't seem to find anything related to them... could anybody give me a PM with a nudge please?
If any could PM me with help on getting the final stage of root I would really appreciate it. I've escalated to another user but can't figure out what to do with these conf files I found...
Finally rooted through the pain of learning and ctfing.
User was too strange because of non-idempotent queries' results, got it almost accidentally.
Root was pretty nice: enumerating, learning new cool instruments and feeling euphoria from the sudden [[email protected] /]#
Feel free to PM if your brain is in pain
Not going to lie. My first attempt I wrote a lengthy script that cross referenced data from one index to the other looking for clues. It was almost complete when I saw the relevant gibberish by chance.
The second half was far more interesting and although I am familiar with the software used I was not aware of this particular bug. My hint for root is that once you have everything set up, be patient, there is a short delay.
Got user after finding that magic Github tool to dump the db and essential linux utilities.
On my way to get root now
EDIT: stuck on getting root last step, anyone willing to give me a nudge ? Thanks
EDIT2: got root thanks to @k0zur3 and @thegoatreich, thank you.
IMO, the user part was nice as it was a bit of trolling, but the odd L** and the last root part was not very fun, even after looking at l******h documentation for a long time.
Anyway, I learned a lot about ELK so thank you @JoyDragon
Hey everyone,
I found the low port "needle" and found the high port "user", decrypted both and I am stuck. I am searching the json files b* and q* like a madman but don't seem to find the last piece of the puzzle. I really need a pointer into the right direction.
So got the message in the image and trawling through the indexes using curl, I did see a message now I cant @p1azm0id my brain is in pain lol any nudges welcome
Nice machine which made me dive into into the horny beast...
Not CTF at all, you get what you need to search on the lower port and with just one query you get credentials - took me 5 mins..
root I had to spend more time as I like to study the whole documentation.
Overall fun machine.
Comments
Removed
> Tough box. The three files and the Ejecutar space are killing me.
Just follow the G**k and you will be safe.
If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837
> Type your comment> @petruknisme said:
> > Type your comment> @Sav said:
> > > Type your comment> @vmonem said:
> > > > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
> > > >
> > > > Any Hints on PM will be appreciated.
> > >
> > > I m on the same boat, did you get any further??
> >
> > You will notice the strange things in there. Just focus and be careful when reading that.
>
> It seems like they have difference...And this difference confuses me...
> Or (I'm not sure) I should pass with those somewhere..?
If you confuse reading that file with editor, try to use json beautifier and then look at the strange things
If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837
need some hints for the haystack.
try many methods. any bits of advice?
> If you confuse reading that file with editor, try to use json beautifier and then look at the strange things
No, I mean I'm confused with pass. The user is ok, but when I try to use some algorithms to pass, it becomes very strange.
Type your comment> @Refenn said:
It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, i think you can reveal pass too. I hope I'm not spoling this.
If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837
Hey everyone,
I found the low port "needle" and found the high port "user", decrypted both and I am stuck. I am searching the json files b* and q* like a madman but don't seem to find the last piece of the puzzle. I really need a pointer into the right direction.
sometimes the privesc for k**** user works with reverse shell but sometimes doesn't work. Is it normal? i'm tired for trying 100 times for one shell. Help pls
Hi,
didn't read all the post. I'm starting with the box and found an exploit for e***********h called e***********h shell, am i on the right path?
Type your comment> @sh4rk said:
Try renaming your shell. I was finding that if I disconnected the shell I had to rename to get it to reconnect.
I've got the k******* powerup, but now I'm completely lost on where to go next, i've heard mention of three files and a service but I can't seem to find anything related to them... could anybody give me a PM with a nudge please?
If any could PM me with help on getting the final stage of root I would really appreciate it. I've escalated to another user but can't figure out what to do with these conf files I found...
I'm having a hard time with this box. Did you guys us e*********p to get all the datas / database from the rubber band?
Having a hard time escalating to K*******a. I found a CVE but the URL they talk results in a 404? Am I on the wrong path>
Some people talked about something in the image/picture. Does it has anything to do with steganography?
@kalagan76
Yes it will give you the hint
Finally rooted through the pain of learning and ctfing.
User was too strange because of non-idempotent queries' results, got it almost accidentally.
Root was pretty nice: enumerating, learning new cool instruments and feeling euphoria from the sudden [[email protected] /]#
Feel free to PM if your brain is in pain
Not going to lie. My first attempt I wrote a lengthy script that cross referenced data from one index to the other looking for clues. It was almost complete when I saw the relevant gibberish by chance.
The second half was far more interesting and although I am familiar with the software used I was not aware of this particular bug. My hint for root is that once you have everything set up, be patient, there is a short delay.
Got user after finding that magic Github tool to dump the db and essential linux utilities.
On my way to get root now
EDIT: stuck on getting root last step, anyone willing to give me a nudge ? Thanks
EDIT2: got root thanks to @k0zur3 and @thegoatreich, thank you.
IMO, the user part was nice as it was a bit of trolling, but the odd L** and the last root part was not very fun, even after looking at l******h documentation for a long time.
Anyway, I learned a lot about ELK so thank you @JoyDragon
Type your comment> @habtek said:
same spot, please assist.
So got the message in the image and trawling through the indexes using curl, I did see a message now I cant @p1azm0id my brain is in pain lol any nudges welcome
<img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
@mojorisin
it asks me for a passphrase in order to extract infos from the image. Any tips?
got root
Thank you, the forum gave me a lot of help, not going in the wrong direction.
Mission Complete! Nice machine!
[[email protected] ~]# id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[[email protected] ~]# ls -l
total 8
-rw-------. 1 root root 1407 nov 28 2018 anaconda-ks.cfg
-rw-------. 1 root root 33 feb 6 22:12 root.txt
just owned user....pfff...was though :-(
Type your comment> @Zer0Code said:
Think about people who need to translate from Spanish to English then to French :-)
Nice machine which made me dive into into the horny beast...
Not CTF at all, you get what you need to search on the lower port and with just one query you get credentials - took me 5 mins..
root I had to spend more time as I like to study the whole documentation.
Overall fun machine.
Macte nova virtute, puer, sic itur ad astra.