Haystack

Is the rubberbandfind cve a rabbit hole? Please PM

Type your comment> @maru37 said:

Struggling with user. I think I’ve got everything I need but the pieces don’t seem to fit. If anyone feels like giving me a push, I’ll happily share everything I’ve done so far. Was having fun for a bit and now it’s just frustrating me because hints are like “use the needle” and I’m like ¯_(ツ)_/¯ .

Did you progress? I think we both are in the same boat.

Been a way for a while, came back and gave haystack a go

So everything up untill that very last step is fairly straight forward

found 3 files, know exactly what to edit and where. but for groks sake i cant seem to get that last step working !

Any hints on that would be appreciated !

Feel free to PM me if you have questions

Figured it out. needed to catch up on my regex skills

Rooted. PM me if you need hints. Thx @gluggers !

Rooted. Finally. Thanks a lot to all of you awesome people. :slight_smile:

User is quite easy.

And IMO root is not that difficulty too if you know what to look for.
The steps itself and what to do, is reading and executing, but to figure out what to look for was the hard part for me. But the hints in the forum helped much!

If you need help. Feel free to PN me. :slight_smile:

im tryng getting user…some hint ? also in private? i cant find something usefull mmh maybe i dont know how retrieve something from 9*** , any help?
im pretty noob

Managed to get user faster than expected but couldn’t get the hint for the 80 port. Can someone PM me out of curiosity ? Thanks

EDIT: Nevermind I figured it out! PM me if you need tips on this 80 :slight_smile:

Yay, rooted. Was quite fun in the end. Would never have got there without reading this thread, mind you.

Done; i’ve learned a lot. Thanks for the box!

Certainly have square eyes after hunting for the password for user. Found the username but absolutely stumped on the password, I feel I’m over complicating this. Can anyone PM me some tips :slight_smile:

EDIT: Huge thanks to @hg8 for helping me use my brain!

Rooted!
The privesc was super fun and learned a lot about ELK stack. Thanks for the box.

PM if you need little help :slight_smile:

Finally rooted! Thanks to @minimal0 for help.

It should not an easy box :neutral:

I’m stuck at se*****y user, found the CVE, but I receive this when I try:

{“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

Any hint?

Finally got root. I learned a lot on this one. I wasn’t even aware of the E** stack before starting this.

Help pls, I find “pass:” but which username is?
Edit: found

I’m stuck on last part to get root. Found the three f*****.cf , i****.cf, o*****.c**f files but don’t know how to use them to get the root shell. Please Help!

Edit: Got root! Do not overthink just follow what the grok is asking you!

thanks @matthegrinch

finally rooted !! what a funny box
feel free to PM me for hints

Got the user.txt. I’m coming root.txt :slight_smile: