Haystack

I have found a hint through the img and 10 records of ELK. Can someone please help me get the DB dump?

Hey, I’m currently stuck on root. The part where I have to privesc from s*y to ka. I think I found the appropriate vulnerability but I’m not sure how to move forward. Can anyone PM me some nudges or hints? Thank you in advance.

Can someone help me out with a little nudge on K******* user? I am trying to run the LFI but it is not working for me… I can’t figure this out.

Hi all,

Thanks for the good tips in the thread, pretty useful.

I am on what I believe to be the very last step before root. Essentially I think I know what needs doing, I am Ka, have inspected the c**f files and in particular the fr one, however I suspect that my syntax is off. I am not 100% sure because the box behaves in what seems arbitrary ways at times. I have spent quite some time reading on g**k syntax but to no avail.

Any pointers will be appreciated…

thank you!

Managed to root this box without visiting forums… Definitely learned new techs. Had to read the documentation carefully for a certain utility.

Has anyone got a good guide for grok? I can’t seem to find the correct syntax for these specific commands…

Finally rooted!
[root@haystack /]#

Syntax was more simple than I at first thought and tried to craft script…
Thanks for heads up that I am in the good direction for: @sneakypanda @s1mpl3

This was a very fun, sometimes frustrating box! I never touched this stack in my life before and now I feel that I know much more about the tool! Thanks for good learning experience!

Tips for ROOT:

When you get banana, just read the docs and configuration of stack component (last one you did not exploit before).

Rooted this earlier. Very frustrating box but learnt quite a bit thanks to @s1mpl3

Tips for ROOT: Once you are banana, research ELK, pay attention to the three files and understand regex. These were my silly mistakes that made this box take a lot longer than I expected. All up probably 8 hours on this box. Glad it’s done.

Rooted.

As a newbie I think this box was a total brainf**k. I voted 8 out of 10. I’m not ashamed to say that it took me WEEKS. And without the help of the forum and many PMs I’d not have been able to do it.

To be quite honest, I think that if you have never heard of ELK before, it’s going to be ■■■■. And that was my case.

Also, I agree with people saying that the l*******_ file isn’t triggered like it should be (every 10s). The first time I got root, I didn’t know how I did it and I had to restart a few times just to be sure (I write my own walkthrough for all boxes).

Anyway, if you need help, PM me. I sent so many PMs, I can’t refuse to answer them now :slight_smile:

Regarding the high port using e****** sh, is the "C**l - GET 'H**P:**10...:9*** syntax the way to go to dump and retrieve data or am I off track?

You do not need to dump anything to get creds. All can be done with one zearch query from your browser.

Everything I’m trying to do on this box, the connection keeps timing out?

nm, I fixed it… So I did a dir search for port 9*** and a massive list returned. How do I enumerate this to get the desired info… is there a specific tool I should be using? I apologize if my questions are basic, I’m quite new to this and learning as I go.

@el3ctr0 said:

I think definitely that I’m going to wait for the IPSEC video, because everyone here is shouting how easy this one is and maybe I’m looking at it in a complicated way, so as IPSEC likes to do it in a complicated way I will wait for him and see :D, truth is I got a lot of data from e*s but maybe not all, IPSEC, waiting on you buddy?

This was the same for me, but from the output there is a clear field you can use for both the search query and to test the limits.

I was too impatient with the bash syntax and ended up copying and pasting lots of queries, once I found one that worked. I’m sure I could have achieved the same with a loop in bash but I gave up after about 4 tries as I knew the limits by then.

Got it!

User: After tiny enumeration don’t look for vulns. Search for needles (flags)!

Root: more than enough is in this topic. In last part make yourself a coffee or something, because it can take a few minutes.

Got it, fiouu, it was serious work, not so bad for my first box on HTB, thank you ludw1g@htb and oi39 for the tips.
It was a pleasure to learn!!! And now, next one, GOOOO

rooted, thanks @Gn0m3h4ck3r for help

I’m really stuck on what I think is the final step, I’ve found the 3 .cf files for l****h but am not sure what to do with them.

A push in the right direction would be massively appreciated!

Edit: Worked out what I’ve got to do, struggling with the syntax for the payload though! Any pointers?

EditEdit: Rooted, if anyone wants help PM me!

This is my first time posting in this forum but I’m stuck on getting the k***** user. I’m using the right CVE however I’m getting an “Empty reply from server” after the request times out.

Any PMs would be appreciated!

Edit: figured it out! Thanks to @Gn0m3h4ck3r for the hint

So I finally figured out that I need to know the ELK stack to figure out the high port and I’m learning quite a bit about this db, but I can’t seem to figure out the proper syntax to extract data… perhaps a little nudge to get me going in the right direction :slight_smile:

Can someone PM me? I need help.