Haystack

got it! big thanks to @isildur21

Rooted. PM for hints.

Edit: Okay. Finally, I figured it out.

When you look at that file (e**/l******/**./), it automatically reads the file in that path. So I just wait to connect system.
Then, after 10 seconds, I got root. Isn’t it?

If you think I got it wrong (misunderstood), I’d appreciate a PM.

If you need a hand, PM me!!

I’m absolutely stumped on debugging my l****_*** file to be read by the grok pattern. Any advice would be appreciated. I know I’m at the last step.

EDIT: So I managed to finally root it, but honestly I’m pretty sure something is weird with l****** on the box. It seemed like it triggered randomly, and definitely not every 10 seconds like it says it’s configured.

Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

@Gn0m3h4ck3r said:

> Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

Username is below the pass in that dump, just read it carefully.

Hi everyone. I have a problem with LFI. I think my curl syntax is wrong because I get a 404 Not Found error; maybe I use the wrong URL. Can somebody help me?

I’m stuck at the privilege escalation from ka to root. I know I’m supposed to use lh and I found the three .conf files, but I don’t know how to use it or what to do with them. Am I supposed to create my own .conf file and make l****h use it?

I’ve been stuck for days… any tips or advice would be great. Thanks.

Anyone wanna give me a nudge to get k***** user? I’ve read the hints in this thread regarding curl, and a certain CVE, but still not sure how to make sense of it. Any help would be appreciated :)

EDIT: nvm found the CVE - just needed a walk

I’ve dumped the db but I’m stuck on the image. I assume I need to use steganography but I have no experience with it. I’ve tried using the stegsolve and stegcracker tools but couldn’t find anything. Any tips or resources to learn more?

Got USER!

That was an interesting and fun experience…
Though I have never worked with e*********h before and this was the first time I was touching it… So it was a mess at first, but after reading documentation and how to search it all - it took me literally a few minutes to get user flag.
Tips: the image has secrets, but do not overthink it, just ‘dog’ it when downloaded and you will get a clue.
After getting the clue - you just need to go to your browser, write server URL with higher port and a crafted query - and you get the user. Literally one liner for getting creds.
Was a good exp with ES.

Now onto Root - this will be interesting knowing my lack of knowledge on ELK…

Good luck!

So I am currently sy user. I have used pivot to get to the k app so I can access the console. Do I need to do this? The LFI online doesn’t make much sense to me. Any pointers would be greatly appreciated.

Have found a hint through the img and 10 records of ELK. Can someone please help me get the DB dump?

Hey, I’m currently stuck on root. The part where I have to privesc from s*y to ka. I think I found the appropriate vulnerability but not sure how to move forward. Can anyone PM me some nudges or hints? Thank you in advance.

Can someone help me out with a little nudge on K******* user? I am trying to run the LFI but it is not working for me… I can’t figure this out.

Hi all,

Thanks for the good tips in the thread, pretty useful.

I am on what I believe to be the very last step before root. Essentially I think I know what needs doing, I am Ka, have inspected the c**f files and in particular the fr one, however I suspect that my syntax is off. I am not 100% sure because the box behaves in what seems arbitrary ways at times. I have spent quite some time reading on g**k syntax but to no avail.

Any pointers will be appreciated…

thank you!

Managed to root this box without visiting forums… Definitely learned new techs. Had to read documentation carefully for certain utility.

Has anyone got a good guide for grok? I can’t seem to find the correct syntax for these specific commands…

Finally rooted!
[root@haystack /]#

Syntax was more simple than I at first thought and tried to craft script…
Thanks for heads up that I am in the good direction for: @sneakypanda @s1mpl3

This was a very fun, sometimes frustrating box! I never touched this stack in my life before and now I feel that I know much more about the tool! Thanks for good learning experience!

Tips for ROOT:

When you get banana, just read the docs and configuration of stack component (last one you did not exploit before).