Haystack

Hey everyone,

I’m looking for help getting root. Found some things that I’m exploring but can’t really narrow a path to a privesc down.

@slimz28 said:

@mojorisin said:

@slimz28 said:

Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.

DM I can help a little

Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd. :slight_smile:

Have you got near root yet? If you have, could you give me a nudge? I have user :smile:

I’m on the box trying to priv esc to K. Super stuck here, could someone give me a nudge please? I read something about an LFI, but is this the only way?

Got user… but for root, I am trying to use the L**-vulnerability. When I use it the server only “chews”. No matter if I include a reverse shell or a text file. Isn’t this the severity we are supposed to use?

Read up on how l******h handles log files.

Phew, finally rooted. Don’t overthink the privesc like I did. Look at what you have, consult the documentation to understand what’s going on, google around for some good resources, and then use a debugger to your advantage. PM me if you’re stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.

Just got root, as @nergalwaja says, don’t overthink it. Just connect the dots.
Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints. :smiley: Good luck.

jeez, i’m getting a raw patch on my head from scratching it so hard. user was…meh. nice puzzle but i prefer more “real world” boxes. i know what i need to do after getting user, it’s just i can’t figure out how. i know what to upload and was looking into a specific CVE but i can’t figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn’t get me any further, can anyone point me in the right direction on what to read up on? i’m stuck

When trying the K***** exploit, i’m getting a status 400 unrecognised parameter error - can someone nudge me on what I’m doing wrong here?

Ok I’m stupid.

Rooted. Learned a lot about l****h, especially gk.
All hints have been already mentioned. If I have to add something about priv esc, don’t forget that \s means SPACE.

Umm, is the s* suid binary that the l******h spits out a rabbit hole?

Yeah being stuck is being desperate :slight_smile:

I have found some B**k details and some q****s …is this a right path …how to use this info…

Rooted. The final step needed patience

Would appreciate some help with steps after user. I have been playing with a L** for K***** but when I check ports open the port shown in /etc/k*****/k*****.yml is not running. When I try what the PoC shows on port 9*** it just errors out. Not sure what I’m missing…

Update: Never mind…

@wish said:

I have found some B**k details and some q****s …is this a right path …how to use this info…

I have the same question as you, any hints? Thanks

If you’re stuck, you can PM me.

Can someone PM me on how to get the user k?

Tried enumerating, running pspy and even looking at online documentation.

Found a CVE but unsure how to get the syntax right

Cheers

I quite liked user, I learned a few new words :-).

Root was believable… kinda.

Good box.

@Nick said:

@wish said:

I have found some B**k details and some q****s …is this a right path …how to use this info…

I have the same question as you, any hints? Thanks

nothing yet…