Haystack

A tip that will save you from trouble and resets:

When you have ran the exploit, you can still use it again. However you can’t use it with the same path. Change its name and its still usable.

can anyone help me with ka , I am facing problem executing the J sh**

see below

Hey guys, I’m on the very last step. I can’t get g**k to work for me to save my life. Can anyone help me out via PM or something? I would appreciate it a lot.

EDIT: Got it with some help from @jfx41 .

User: Learn how to work with E in ELK.
Root: It really is all about the g**k filter. It has to be right or nothing will work. Learn exactly what it wants.

If you’re stuck on getting user just make sure you properly decrypt the base64… I was being silly

Hmm, trying to esc from user to K****a user but invoking the c**l command returns the unknown parameter error. What am I getting wrong?

UPDATE - fixed it. Now to deal with the ‘Empty Reply from Server’ message.

After user, and working on root, but got a step up, not root. Do I just keep doing PriveEsc for root from here now? More enumeration?

Enjoyed the box! Having a good read about the ELK stack does make your life much easier, so you can understand how the various pieces come together. If you do this (and have performed sufficient enumeration earlier) you’ll know exactly where to look to escalate further.

@PanamaEd117 : Yeah enumerate more, as you’ll have a different set of permissions now that you have a different user.

Its finally done, ■■■■■■■■ this box! This box is kinda frustrating but was a good challenge.

user: knowing a bit of spanish helps, use google translate if you can’t understand it, pay close attention to the image, it holds secrets, learn to work with the things running on the higher port, so you can get to lower one.

root: this is ■■■■, you have to become another user, there is a cve for that, and once you become another user you need to read l******* configs so you understand how it works, then you need to trigger your files to get root.

Good luck

Fighting for root…

Stuck on the user due the wrong syntax
Stuck on the root due the wrong syntax
Lol, that’s a shame.

Got it finally, root seems to be the easiest and most obvious part.

Hints:
User - never thought that Spanish needle is somehow different from English one

Root -

  1. Double jump works.
    If you feel that you are on the right way but still can not find a path - use quotes.
  2. Enumeration and RTFM, do not overcomplicate the things

I am stuck at user, can anyone pm me please.

I would not consider this an easy machine. Root was not that easy. Needed to read up on some stuff to get there. I learned some stuff, so I am happy though :slight_smile:

Just got user. Enjoyed that. Different from other boxes I played, but nonetheless enjoyable once I got a feel for it. looking forward to having a crack at root tomorrow.

Figured out what to do for root… but i can’t get the E*r co to do anything. Need some guidance. PM?

Can’t figure out for proper modification file and re run it :slight_smile: May someone help mi with this one? :slight_smile: ROOT stage!

that box made me angry

Rooted but you will doubt yourself without the tip from the forum that you have to rename the file completely after using it once, doesn’t matter if it ran or not.

Can someone PM me regarding root? I have k***** user and I know it has to do with g*** of l**s****. I’m having trouble getting the patterns to match on the debug site.

Stuck on user :frowning:
I feel like I am doing something wrong with c**l, I can’t get the needle.

Got user, thanks @k10xima for the hint.

so stuck on root. got passed the cve. but have no clue what I am looking for. reading about privesc for linux now.