Haystack

Took 8 hours from user to root, mostly because the initial privesc exploit before root seemed to randomly work at times and not work at other times for reasons I still can’t figure out.

Rooted. Plenty of hints here.

I’m K***** now and need help with the next step. I see the 3 files, and I think I know what to do but L******* keeps giving me errors. Can someone DM me and give me a nudge?

EDIT: Got root. Thanks to @wail99 for helping me out! Happy to help anyone who’s stuck.

Not so easy.

@badwolf gave some good advice. If your priv esc fails or you find you cant use it again. Change the path, it will save you from resetting.

USER: think about what the stack is. What could you possible search for given the tips.
ROOT: toughest part, GROK, RTFM!

Easy user. But I don’t know what to do for root. I used some enumerating tools and nothing.

(っ˘̩╭╮˘̩)っplz help.

I got all the way to the g**k part and I’ve been stuck here for about 8 hours straight. I need to sleep now. been working on this machine for 14 hours.

DM me. I’ll get back to you when I crawl out of bed later today. Bummed that I’m struggling so much with this one.

Also – if you’re having trouble getting up to the point where I am, I’ll do my best to help out if you DM me.

If you get stuck on getting K****** and the obviouse privesc doesn’t work make sure you use /tmp rather /home for your scripts.
With G***k part keep it simple, one simple line is all you need.

Rooted, But I don’t know who rate this as easy box, I felt it like hard one with Spanish language. but anyway learn lot of things about ELK, and the most good part was ssh redirection:

[root@haystack ~]# id
id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[root@haystack ~]#

Hack The Box

@ivnnn1 said:
I’m stuck at se*****y user, found the CVE, but I receive this when I try:

{“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

Any hint?

kibana running only localhost so you need to find away to redirect the connection to get access to localhost, after that have shell in somewhere and user this CVE url.

Im still stuck after 4 hours trying to get a remote shell as k*****. I’ve tried playing around with the POC but cant get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!

I’m at the last part. L****** isnt doing its thing. Can someone pm me? Thanks

Rooted it, I think the box sometimes works funky.

I got b***** string in the image decrypt it i got 2 passwords no username now dont know what to do
PM me need help!

I’m stucked at k***** user and woking with L******h and i read the conf and i have no idea what to do. Please PM me. I’ll respect for your help.

I have s***** user and i’m stuck now on getting this url thing

not sure if its because i’m on free, but getting the k**** user seems to take a ton of retrying

Rooted!!! If u get stuck DM me.

Hint for user: search something similar to msg from .jpg in all index data from :9200 Search until you find all parts.

Can someone point me on what to do as banana user? I can see this user running app, but it does not look like app contains something interesting.

I think i should warn you, comment:

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help
answering question “what to do for (how to get) banana?” not “what to do as (in the role of) banana”.

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help

That was a nice box ! User was tedious, but root was fun, learnt a ton of stuff.