Haystack

Just got root, this was my first box and I've spent about 20 hours on it.
It was way harder than I anticipated at first. Learned a lot of new stuff, hope I'm more prepared for new challenges now since I was not really prepared for the "puzzle" part of this one.
If you don't give up on this box you will eventually get it, this thread has a lot of info to tie it all together. GL!

@wish said:

@Nick said:

@wish said:

I have found some B**k details and some q****s … is this the right path … how to use this info …

I have the same question as you, any hints? Thanks

nothing yet…

Finally got user…

I have no idea what to do once I get access to the initial user. How do I do a privesc to the k* user

I just need a nudge to go from s* to k*. I looked at the R*M file, I ran the script, nothing.

@wish said:

@wish said:

@Nick said:

@wish said:

I have found some B**k details and some q****s … is this the right path … how to use this info …

I have the same question as you, any hints? Thanks

nothing yet…

Finally got user…

great job!!
I'm still stuck here, any hint for me? Thanks a lot

Hello guys :slight_smile:
Just started haystack.
Could you tell me if the needle.img is connected with steganography? Do I need to use steganography tools to obtain some information from this picture?

Edit: Ok, I found it :smile:
Hint: use e.g. Burp, guys!

I found the p…: s******.i*.k** but it doesn't seem to work anywhere, I've tried some default users on the front door, didn't seem to work, is it a rabbit hole or am I overthinking it? Hint pls x)
EDIT: Okay, that was stupid of me; when you find the p… don't get excited and forget to see what else is there
thanks @penturmeade for the hint: "if you found the password, the user is very close by"

Eventually got the machine's root. It was a headache but very interesting. Learnt quite a few things along the way. :slight_smile:

Iā€™m having trouble performing privesc from the user account. Iā€™m trying to run a js file uploaded to the machine using the LFI vuln. The response i get back from sending the GET request with CURL is a 400 Bad request. apis paramerer is required. My query however does include a apis value. Did anyone else experience this?

@Xtrato Use quotes. curl 'url-here'

@fasetto said:
@Xtrato Use quotes. curl 'url-here'

I managed to get a shell once but right now the same command is doing nothing.

Can anyone give me a tip please?

Trying to get root and I get a 404 when trying to curl my exploit… does it have to be in a certain path?

@vGsec; You are missing something probably. DM if you want me to check your payload.

@vGsec said:

@fasetto said:
@Xtrato Use quotes. curl 'url-here'

I managed to get a shell once but right now the same command is doing nothing.

Try renaming it. Things only seem to work one time

@KeyboardCaper said:

I managed to get a shell once but right now the same command is doing nothing.

Try renaming it. Things only seem to work one time

Hey, would you mind DMing me? I'm super stuck trying to get the LFI to execute… just getting a 404 or some error about a parameter…

@mofa28 said:

User is awful. Root is nice

I'm finding the exact opposite.

@aj8417 said:

@mofa28 said:

User is awful. Root is nice

I'm finding the exact opposite.

Same, user was pretty easy. Root: spent 2 days banging my head against the wall trying to get the LFI to work…

Stuck on the ka user. I know I am supposed to do something with l**h, just not sure how or what to do. Any nudge would be awesome

Is there any exploit to become the k****a user… I found one exploit, an RCE, which is not working…

Those who are stuck on going banana: you need to look at a certain config file and see why the *F* exploit you are using is not working (it can only be run from a certain place, and you already have the tool on the machine to do it) :wink: