Haystack

My advice to everyone for the root path:
Check the configuration files related to that app you saw.

I have to admit I do not like CTF-ish machines at all.
But this one is very well designed to make you work with the whole ELK stack.
Thumbs up for JoyDragon, he did a great job for that.

Here are my hints:

  • User: The picture gives you the key to control/find the needle in all the data you can gather.
  • root: Sense the version of things to get the banana. Then, enroll yourself in a commando to execute your will to the last element of the stack.

I hope it helps :smile:

Just got root, this was my first box and I’ve spent about 20 hours on it.
It was way harder than I anticipated at first. Learned a lot of new stuff, hope I’m more prepared for new challenges now since I was not really prepared for the “puzzle” part of this one.
If you don’t give up on this box you will eventually get it, this thread has a lot of info to tie it all together. GL!

@wish said:

@Nick said:

@wish said:

I have found some B**k details and some q****s… is this the right path… how to use this info…

I have the same question as you, any hints? Thanks

nothing yet…

Finally got user…

I have no idea what to do once I get access to the initial user. How do I do a privesc to the k* user?

I just need a nudge to go from s* to k*. I looked at the R*M file, I ran the script, nothing.

@wish said:

@wish said:

@Nick said:

@wish said:

I have found some B**k details and some q****s… is this the right path… how to use this info…

I have the same question as you, any hints? Thanks

nothing yet…

Finally got user…

Great job!!
I’m still stuck here, any hint for me? Thanks a lot

Hello guys :slight_smile:
Just started haystack.
Could you tell me if the needle.img is connected with steganography? Do I need to use steganography tools to obtain some information from this picture?

Edit: Ok, I found it :smile:
Hint: use e.g. burp guys!

I found the p…: s******.i*.k** but it doesn’t seem to work anywhere. I’ve tried some default users at the front door, didn’t seem to work. Is it a rabbit hole or am I overthinking it? Hint pls x)
EDIT: Okay, that was stupid of me. When you find the p…, don’t be excited and forget to see what else is there.
thanks @penturmeade for the Hint: “if you found the password, the user is very close by”

Eventually got the machine’s root. It was a headache but very interesting. Learnt quite a few things along the way. :slight_smile:

I’m having trouble performing privesc from the user account. I’m trying to run a js file uploaded to the machine using the LFI vuln. The response I get back from sending the GET request with curl is a 400 Bad Request: “apis parameter is required”. My query however does include an apis value. Did anyone else experience this?

@Xtrato Use quotes. curl 'url-here'
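Why the quotes matter, as an added example (this is not code from the thread or from the box; the host name and the parameter names first/second are made up): an unquoted `&` in a URL is a command terminator to the shell, so everything after it never reaches curl. That is exactly how a request that "includes the parameter" still comes back with a 400 saying the parameter is required. The script below stands in for the server side by listing which query parameters actually arrive, once with the URL quoted and once parsed the way the shell parses an unquoted one.

```shell
# Added example: why an unquoted URL silently loses everything after '&'.
# The shell reads
#     curl http://host/path?first=1&second=2
# as 'curl http://host/path?first=1' run in the background, followed by
# 'second=2' as a plain variable assignment. The server never sees 'second'.

# Print the parameter names in a URL's query string, one per line.
# This plays the role of the server: it shows which parameters actually arrived.
query_names() {
  url=$1
  query=${url#*\?}                    # drop everything up to the first '?'
  [ "$query" = "$url" ] && return 0   # no '?' at all: no parameters
  printf '%s\n' "$query" | tr '&' '\n' | cut -d= -f1
}

# Number of parameter names a URL carries, for easy comparison.
query_count() {
  query_names "$1" | wc -l | tr -d ' '
}

# Quoted: the whole URL is a single argument, both parameters survive.
quoted() {
  query_count 'http://host/path?first=1&second=2'
}

# Unquoted, reproduced with eval so the shell's own parsing is visible:
# the command is split at '&', the first half runs in the background with a
# truncated URL (hence the 'wait'), and 'second=2' becomes a variable assignment.
unquoted() {
  eval 'query_count http://host/path?first=1&second=2'
  wait
}

echo "quoted URL, parameters seen by the server:   $(quoted)"   # 2
echo "unquoted URL, parameters seen by the server: $(unquoted)" # 1
```

The same applies to `?`, `;`, `#` and `$` in a URL, which is why single-quoting the whole URL (or using `--data-urlencode` / `-G` with curl) is the habit worth keeping for any request that carries a query string.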

@fasetto said:
@Xtrato Use quotes. curl 'url-here'

I managed to get a shell once but right now the same command is doing nothing.

Can anyone give me a tip please?

Trying to get root and I get 404 when trying to curl my exploit… does it have to be in a certain path?

@vGsec: You are probably missing something. DM if you want me to check your payload.

@vGsec said:

@fasetto said:
@Xtrato Use quotes. curl 'url-here'

I managed to get a shell once but right now the same command is doing nothing.

Try renaming it. Things only seem to work one time.

@KeyboardCaper said:

I managed to get a shell once but right now the same command is doing nothing.

Try renaming it. Things only seem to work one time.

Hey would you mind DMing me, I’m super stuck trying to get the LFI to execute… just getting 404 or some error about a parameter…

@mofa28 said:

User is awful. Root is nice

I’m finding the exact opposite.

@aj8417 said:

@mofa28 said:

User is awful. Root is nice

I’m finding the exact opposite.

Same, user was pretty easy. Root: spent 2 days banging my head against the wall trying to get the LFI to work…

Stuck on the ka user. I know I am supposed to do something with l**h, just not sure how or what to do. Any nudge would be awesome.