I got all the way to the g**k part and I’ve been stuck here for about 8 hours straight. I need to sleep now. been working on this machine for 14 hours.
DM me. I’ll get back to you when I crawl out of bed later today. Bummed that I’m struggling so much with this one.
Also – if you’re having trouble getting up to the point where I am, I’ll do my best to help out if you DM me.
If you get stuck on getting K****** and the obviouse privesc doesn’t work make sure you use /tmp rather /home for your scripts.
With G***k part keep it simple, one simple line is all you need.
Rooted, But I don’t know who rate this as easy box, I felt it like hard one with Spanish language. but anyway learn lot of things about ELK, and the most good part was ssh redirection:
[root@haystack ~]# id
id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[root@haystack ~]#
kibana running only localhost so you need to find away to redirect the connection to get access to localhost, after that have shell in somewhere and user this CVE url.
Im still stuck after 4 hours trying to get a remote shell as k*****. I’ve tried playing around with the POC but cant get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!
Hint for user: search something similar to msg from .jpg in all index data from :9200 Search until you find all parts.
Can someone point me on what to do as banana user? I can see this user running app, but it does not look like app contains something interesting.
I think i should warn you, comment:
@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help
answering question “what to do for (how to get) banana?” not “what to do as (in the role of) banana”.
can someone pm a hint for user. I was able to get i**** dump but no idea what to search for. I feel like I am overthinking / missing something about the needle…
edit: got user thanks to tip for port 80
edit2: anyone dm me for hints on getting into k**** I found the CVE with the tips but just not able to get it to trigger . NVM was totally overthinking it…
Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result Would appreciate a DM with some pointers …