Haystack

Read up on how l******h handles log files.

Phew, finally rooted. Don’t overthink the privesc like I did. Look at what you have, consult the documentation to understand what’s going on, google around for some good resources, and then use a debugger to your advantage. PM me if you’re stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.

Just got root, as @nergalwaja says, don’t overthink it. Just connect the dots.
Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints. :smiley: Good luck.

jeez, i’m getting a raw patch on my head from scratching it so hard. user was…meh. nice puzzle but i prefer more “real world” boxes. i know what i need to do after getting user, it’s just i can’t figure out how. i know what to upload and was looking into a specific CVE but i can’t figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn’t get me any further, can anyone point me in the right direction on what to read up on? i’m stuck

When trying the K***** exploit, i’m getting a status 400 unrecognised parameter error - can someone nudge me on what I’m doing wrong here?

Ok I’m stupid.

Rooted. Learned a lot about l****h, especially gk.
All hints have been already mentioned. If I have to add something about priv esc, don’t forget that \s means SPACE.

Umm, is the s* suid binary that the l******h spits out a rabbit hole?

Yeah being stuck is being desperate :slight_smile:

I have found some B**k details and some q****s… is this the right path… how to use this info…

Rooted. The final step needed patience

Would appreciate some help with steps after user. I have been playing with a L** for K***** but when I check ports open the port shown in /etc/k*****/k*****.yml is not running. When I try what the PoC shows on port 9*** it just errors out. Not sure what I’m missing…

Update: Nevermind…

@wish said:

I have found some B**k details and some q****s… is this the right path… how to use this info…

I have the same question as you, any hints? Thanks

If you’re stuck, you can PM me.

Can someone PM me on how to get the user k?

Tried enumerating, running pspy and even looking at online documentation.

Found a CVE but unsure how to get the syntax right

Cheers

I quite liked user, I learned a few new words :-).

Root was believable… kinda.

Good box.

@Nick said:

@wish said:

I have found some B**k details and some q****s… is this the right path… how to use this info…

I have the same question as you, any hints? Thanks

nothing yet…

I am stuck with the priv esc to root.
Can anyone PM me with some hints/nudges?
Nearly there I think.

@macha2230 said:

I am stuck with the priv esc to root.
Can anyone PM me with some hints/nudges?
Nearly there I think.

same boat…

I’m trying to escalate through root. I understood what to do. When I try to run .co* files, it’s giving some errors. Also, I tried to add --ph.se*ngs argument. Need some nudges here…

edit: got root! Forget the lines above. It is misdirection.