Haystack

ROOTED
Good box, all the hints you need are in the forum already.
Again, if your CVE******* isn't working you may need to reset the box. A good idea I found was to establish a meterpreter shell to spawn a meterpreter shell in case you lost a shell.
An understanding of E** really helps for understanding this box.
Thank you all in the forum for the amazing hints helping when I was stuck. PM if you need a nudge.

Hey guys, I got to the cve part, trying to get k****a, but something is not working out, can I get some help :slight_smile:

EDIT: Got root

User was kinda tricky, especially without the proper knowledge.
Root was WTF?! How the ■■■■ I managed to get the flag in the tp folder without doing anything that seems to work?! I didn’t get the root@haystack bash nor the root.txt but got some weird shell. file that firstly didn't appear in the tp folder nor the .txt file… inside the shell. was an understandable script and in the .txt file was the flag and all this while I’m still in S*** user without any special privs. I really don't get it how I managed to own this machine. I didn't even pivot to the K***** user…
Took a few hours on the root stage without realizing that the flag was somehow there, waiting for me to grab it :smiley:

Finally rooted. Each step took me a really long time. I found this box much more difficult than the other medium or easy boxes I’ve done (which isn’t many I admit).

Big thanks to @Achille for the nudge on root, @cmoon for correcting my c**l syntax, and @Akl for getting me out of the haystack.

PM me if you’d like help on root or user.

Looking for nudge on root. Looking over all the clues. Just not getting it. Any help would be great.

Got root from tmp folder. :neutral:

Spoiler Removed

Clue is in the title for this one. Quite a fun machine in my opinion, especially root. My hints:

User:
Research the API/db in use patiently so you can interact with it effectively - including default settings. Then you can solve the puzzle.

Root:
Trying different things at the final stage - new contents put into file / new file are 2 different things…

@sazouki said:

any nudge how to make that cve work :frowning:

I’ve been stuck for a while because I wasn’t running the command from the right place. Once you have the LFI, think from WHERE you should run it (at least it was my problem).

Rooted. Good box. Learned a lot of LKE. Thanks to the creator.
HINT for root: look at 3 files closely.
If still stuck - PM me.

Rooted, nice machine, it’s my first time with an Elastic product :wink:
User is simpler than you think,
you have to look for what you don’t see :wink:
For root, use what you have, you don’t need anything else.
Copying root.txt to /tmp is not the right idea.

Can anyone help me with the syntax required for root? I'm completely lost tbh

Hello there!
It was funny to get user in that CTF-like search on ELK Stack, but now I'm stuck on the user you get after applying that CVE to ELK. I know how filters work, but I'm stuck on the syntax I have to use in the input file. Can someone drop a hint in my PM?
Thank you in advance!

@skitz said:

Can anyone help me with the syntax required for root? I'm completely lost tbh

Use an online debugger :wink:

A very good box, I liked it! Don’t understand the many thumbs down. Now back to “Safe” :slight_smile:

This is the furthest I’ve gotten without help, but I’m having trouble with user (I’m brand new to this stuff.)

I think I know the payload I’m going to use, but I can’t find an attack vector.

Finally! Got root.

Anyone ripping their hair out at the last hurdle, look in the filter and input files. The clue's in the name.

One filters, one dictates the input…

@TheRamen said:

Finally! Got root.

Anyone ripping their hair out at the last hurdle, look in the filter and input files. The clue's in the name.

One filters, one dictates the input…

Same boat @TheRamen. Just looking for a pointer towards something so I can know what I’m looking to accomplish.

Finally managed to get root. I learned a lot from this box!

All in all you have to run three exploits on this box to get root. All the vulnerabilities are caused by the ELK. If you keep that in mind you will know where to look for the final step to get root.

The reason I like the box is, you really have to understand how the ELK works and that’s why it teaches you a lot about that application.

After you got user there are two steps until you get root. I didn’t like the user part, because it was really CTF like. But after that it is actually a lot of fun.

NOTE: If a box has been reset 2 minutes ago you don’t have to reset it again! Before you hit that reset button, please look if the box has already been reset.

If you need a hint, feel free to PM me!

@dt31t0vv said:

A very good box, I liked it! Don’t understand the many thumbs down. Now back to “Safe” :slight_smile:

Same here :slight_smile: