Haystack

Finally rooted. Thanks to @Nick the man and to @dalemazza. There are tons of great hints in this thread already.

I don’t understand why this box has so many downvotes. You can easily find out e*******h commands from google, use those to dump all the info and then use grep on that to find the keyword the needle gave you. PrivEsc on this box is also really cool.

Make sure to change the filename at the very last stage of root if you change something on the file. And feel free to pm me for help.

Finally got user… Hunting for root

Edit: Rooted… PM me if you need help

Allllright stuck yet again.

Finally got Kibana. Now I’m completely lost. Any pointers at all would great.

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

Type your comment> @smaxs said:

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

got the same error. i even swapped servers.

Type your comment> @dalemazza said:

Type your comment> @smaxs said:

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

got the same error. i even swapped servers.

An empty response which comes immedietly, may mean that something has connected to your nc. Have you tried a command in that box?

Also, it seemed to be a little like, once the exploit had been used, it’s unusable for the next person to come. I had that issue when i accidently closed my shell…

i’m root! tke to @thegoatreich for hint about rename file! and @k0zur3 for hint about root!!!

Finally got root. I really enjoyed this one. It would have taken me way longer if the forum here hadn’t suggested to go from s* user to k* user before heading to root. There seems to be some amazing minds here on htb.

user was easy stuck on root .

A tip that will save you from trouble and resets:

When you have ran the exploit, you can still use it again. However you can’t use it with the same path. Change its name and its still usable.

can anyone help me with ka , I am facing problem executing the J sh**

see below

Hey guys, I’m on the very last step. I can’t get g**k to work for me to save my life. Can anyone help me out via PM or something? I would appreciate it a lot.

EDIT: Got it with some help from @jfx41 .

User: Learn how to work with E in ELK.
Root: It really is all about the g**k filter. It has to be right or nothing will work. Learn exactly what it wants.

If you’re stuck on getting user just make sure you properly decrypt the base64… I was being silly

Hmm, trying to esc from user to K****a user but invoking the c**l command returns the unknown parameter error. What am I getting wrong?

UPDATE - fixed it. Now to deal with the ‘Empty Reply from Server’ message.

After user, and working on root, but got a step up, not root. Do I just keep doing PriveEsc for root from here now? More enumeration?

Enjoyed the box! Having a good read about the ELK stack does make your life much easier, so you can understand how the various pieces come together. If you do this (and have performed sufficient enumeration earlier) you’ll know exactly where to look to escalate further.

@PanamaEd117 : Yeah enumerate more, as you’ll have a different set of permissions now that you have a different user.

Its finally done, ■■■■■■■■ this box! This box is kinda frustrating but was a good challenge.

user: knowing a bit of spanish helps, use google translate if you can’t understand it, pay close attention to the image, it holds secrets, learn to work with the things running on the higher port, so you can get to lower one.

root: this is ■■■■, you have to become another user, there is a cve for that, and once you become another user you need to read l******* configs so you understand how it works, then you need to trigger your files to get root.

Good luck

Fighting for root…