Haystack

I’m at the last part. L****** isnt doing its thing. Can someone pm me? Thanks

Rooted it, I think the box sometimes works funky.

I got b***** string in the image decrypt it i got 2 passwords no username now dont know what to do
PM me need help!

I’m stucked at k***** user and woking with L******h and i read the conf and i have no idea what to do. Please PM me. I’ll respect for your help.

I have s***** user and i’m stuck now on getting this url thing

not sure if its because i’m on free, but getting the k**** user seems to take a ton of retrying

Rooted!!! If u get stuck DM me.

Hint for user: search something similar to msg from .jpg in all index data from :9200 Search until you find all parts.

Can someone point me on what to do as banana user? I can see this user running app, but it does not look like app contains something interesting.

I think i should warn you, comment:

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help
answering question “what to do for (how to get) banana?” not “what to do as (in the role of) banana”.

@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help

That was a nice box ! User was tedious, but root was fun, learnt a ton of stuff.

Type your comment

can someone pm a hint for user. I was able to get i**** dump but no idea what to search for. I feel like I am overthinking / missing something about the needle…

edit: got user thanks to tip for port 80

edit2: anyone dm me for hints on getting into k**** I found the CVE with the tips but just not able to get it to trigger . NVM was totally overthinking it…

Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :frowning: Would appreciate a DM with some pointers …

Need help on root, newbie with privesc, please PM me

Could someone give this noob another nudge via dm? I see the three c*** files - figured out syntax via the online debugger. Struggling with how to trigger or what to input…

Can someone help me with the root, please? I am getting ‘{“statusCode”:400,“error”:“Bad Request”,“message”:“"apis" is a required param.”}’ error everytime I try to use the exploit.

So I am the k****** user and saw something in this thread about lh and gk. Found the lh file in the /e/ directory, with the three c****.* files, found a potentially interesting URL with information on the internet, but am now stuck on what to do next. Is somebody able to help me/give me a nudge/talk me through the process?

hmm so far i got user and on the way to root. I don’t know how to go on from the user obtained in the user part. Can someone PM me for me for help?

Edit: got K***** now and going on to root…

okay been K***** for a while now and I am RTFM for the 3 files but I am clueless on how this helps…

Edit: I think I am on the right track but don’t want to post any spoilers if someone wants to DM me to confirm?
Edt2: Once again over thinking. I am 99% there (my reverse shell keeps failing with ambiguous redirect)
Edit3: tried a different reverse shell and ROOT! hardest machine for me yet, but I learned a lot!

Ok, i have the text un spanish and i Talk spanish but cant figure out the user and password . If anyone could help me i Will be so gratefully.

Sorry for bad english