Haystack

Not so easy.

@badwolf gave some good advice. If your priv esc fails or you find you can’t use it again, change the path; it will save you from resetting.

USER: think about what the stack is. What could you possibly search for, given the tips?
ROOT: toughest part, GROK, RTFM!

Easy user. But I don’t know what to do for root. I used some enumerating tools and nothing.

(っ˘̩╭╮˘̩)っplz help.

I got all the way to the g**k part and I’ve been stuck here for about 8 hours straight. I need to sleep now. Been working on this machine for 14 hours.

DM me. I’ll get back to you when I crawl out of bed later today. Bummed that I’m struggling so much with this one.

Also – if you’re having trouble getting up to the point where I am, I’ll do my best to help out if you DM me.

If you get stuck on getting K****** and the obvious privesc doesn’t work, make sure you use /tmp rather than /home for your scripts.
With the G***k part, keep it simple; one simple line is all you need.

Rooted, but I don’t know who rated this as an easy box; it felt like a hard one to me, with the Spanish language. But anyway, I learned a lot of things about ELK, and the best part was SSH redirection:

[root@haystack ~]# id
id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[root@haystack ~]#

@ivnnn1 said:
I’m stuck at se*****y user, found the CVE, but I receive this when I try:

{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

Any hint?

Kibana is running only on localhost, so you need to find a way to redirect the connection to get access to localhost; after that, have a shell somewhere and use this CVE URL.

I’m still stuck after 4 hours trying to get a remote shell as k*****. I’ve tried playing around with the POC but can’t get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!

I’m at the last part. L****** isn’t doing its thing. Can someone PM me? Thanks

Rooted it, I think the box sometimes works funky.

I got a b***** string in the image, decrypted it, and got 2 passwords but no username; now I don’t know what to do.
PM me, I need help!

I’m stuck at the k***** user and working with L******h; I read the conf and I have no idea what to do. Please PM me. I’ll respect your help.

I have the s***** user and I’m stuck now on getting this URL thing.

Not sure if it’s because I’m on free, but getting the k**** user seems to take a ton of retrying.

Rooted!!! If u get stuck DM me.

Hint for user: search for something similar to the msg from the .jpg in all index data from :9200. Search until you find all parts.

Can someone point me to what to do as the banana user? I can see this user running an app, but it does not look like the app contains anything interesting.

I think I should warn you, comment:

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help
answering question “what to do for (how to get) banana?” not “what to do as (in the role of) banana”.

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help

That was a nice box! User was tedious, but root was fun, learnt a ton of stuff.

Can someone PM a hint for user? I was able to get the i**** dump but have no idea what to search for. I feel like I am overthinking / missing something about the needle…

edit: got user thanks to tip for port 80

edit2: anyone DM me for hints on getting into k****. I found the CVE with the tips but am just not able to get it to trigger. NVM, was totally overthinking it…

Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :( Would appreciate a DM with some pointers …