Haystack

I’m absolutely stumped on debugging my l****_*** file so it can be read by the grok pattern. Any advice would be appreciated. I know I’m at the last step.

EDIT: So I managed to finally root it, but honestly I’m pretty sure something is weird with l****** on the box. It seemed like it triggered randomly, and definitely not every 10 seconds like it says it’s configured.

Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

> @Gn0m3h4ck3r said:
>
> Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

Username is below pass in that dump, just read it carefully.

Hi everyone. I’ve a problem with LFI. I think my curl syntax is wrong because I get a 404 Not Found error, maybe I use the wrong URL. Can somebody help me?

I’m stuck at the privilege escalation from ka to root. I know I’m supposed to use lh and I found the three .conf files, but I don’t know how to use them or what to do with them. Am I supposed to create my own .conf file and make l****h use it?

I’ve been stuck for days… any tips or advice would be great. Thanks.

Anyone wanna give me a nudge to get k***** user? I’ve read the hints in this thread regarding curl, and a certain CVE, but still not sure how to make sense of it. Any help would be appreciated :slight_smile:

EDIT: nvm found the CVE - just needed a walk

I’ve dumped the db but I’m stuck on the image. I assume I need to use steganography but I have no experience with it. I’ve tried using the stegsolve and stegcracker tools but couldn’t find anything. Any tips or resources to learn more?

Got USER!

That was interesting and fun experience…
Though I have never worked with e*********h before and this was the first time I was touching it… So it was a mess at first, but after reading the documentation and how to search it all, it took me literally a few minutes to get the user flag.
Tips: the image has secrets, but do not overthink it, just ‘dog’ it when downloaded and you will get a clue.
After getting the clue - you just need to go to your browser, write server URL with higher port and a crafted query - and you get the user. Literally one liner for getting creds.
Was a good exp with ES.

Now onto Root - this will be interesting knowing my lack of knowledge on ELK…

Good luck!

So I am currently sy user. I have used pivot to get to the k app so I can access the console. Do I need to do this? The LFI online doesn’t make much sense to me. Any pointers would be greatly appreciated.

I have found the hint through the img and 10 records of ELK. Can someone please help me get the DB dump?

Hey, I’m currently stuck on root. The part where I have to privesc from s*y to ka. I think I found the appropriate vulnerability but not sure how to move forward. Can anyone PM me some nudges or hints? Thank you in advance.

Can someone help me out with a little nudge on K******* user? I am trying to run the LFI but it is not working for me… I can’t figure this out.

Hi all,

Thanks for the good tips in the thread, pretty useful.

I am on what I believe to be the very last step before root. Essentially I think I know what needs doing, I am Ka, have inspected the c**f files and in particular the fr one, however I suspect that my syntax is off. I am not 100% sure because the box behaves in what seems arbitrary ways at times. I have spent quite some time reading on g**k syntax but to no avail.

Any pointers will be appreciated…

thank you!

Managed to root this box without visiting forums… Definitely learned new techs. Had to read documentation carefully for certain utility.

Has anyone got a good guide for grok? I can’t seem to find the correct syntax for these specific commands…

Finally rooted!
[root@haystack /]#

Syntax was simpler than I at first thought when I tried to craft a script…
Thanks for the heads up that I was going in the right direction to: @sneakypanda @s1mpl3

This was a very fun, sometimes frustrating box! I never touched this stack in my life before and now I feel that I know much more about the tool! Thanks for good learning experience!

Tips for ROOT:

When you get banana, just read the docs and configuration of the stack component (the last one you did not exploit before).

Rooted this earlier. Very frustrating box but learnt quite a bit thanks to @s1mpl3

Tips for ROOT: Once you are banana, research ELK, pay attention to the three files and understand regex. These were my silly mistakes that made this box take a lot longer than I expected. All up probably 8 hours on this box. Glad it’s done.

Rooted.

As a newbie I think this box was a total brainf**k. I voted 8 out of 10. I’m not ashamed to say that it took me WEEKS. And without the help of the forum and many PMs I’d not have been able to do it.

To be quite honest I think that if you have never heard of ELK before, it’s going to be ■■■■. And that was my case.

Also, I agree with people saying that the l*******_ file isn’t triggered like it should be (every 10s). The first time I got root, I didn’t know how I did it and I had to restart a few times just to be sure (I write my own walkthrough for all boxes).

Anyway, if you need help, PM me. I sent so many PMs, I can’t refuse to answer them now :slight_smile:

Regarding the high port using e******sh: is the "C**l - GET 'H**P:**10...:9***" syntax the way to go to dump and retrieve data, or am I off track?

You do not need to dump anything to get creds. All can be done with one zearch query from your browser