Haystack

Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :frowning: Would appreciate a DM with some pointers …

Need help on root, newbie with privesc, please PM me

Could someone give this noob another nudge via dm? I see the three c*** files - figured out syntax via the online debugger. Struggling with how to trigger or what to input…

Can someone help me with the root, please? I am getting ‘{“statusCode”:400,“error”:“Bad Request”,“message”:“"apis" is a required param.”}’ error everytime I try to use the exploit.

So I am the k****** user and saw something in this thread about lh and gk. Found the lh file in the /e/ directory, with the three c****.* files, found a potentially interesting URL with information on the internet, but am now stuck on what to do next. Is somebody able to help me/give me a nudge/talk me through the process?

hmm so far i got user and on the way to root. I don’t know how to go on from the user obtained in the user part. Can someone PM me for me for help?

Edit: got K***** now and going on to root…

okay been K***** for a while now and I am RTFM for the 3 files but I am clueless on how this helps…

Edit: I think I am on the right track but don’t want to post any spoilers if someone wants to DM me to confirm?
Edt2: Once again over thinking. I am 99% there (my reverse shell keeps failing with ambiguous redirect)
Edit3: tried a different reverse shell and ROOT! hardest machine for me yet, but I learned a lot!

Ok, i have the text un spanish and i Talk spanish but cant figure out the user and password . If anyone could help me i Will be so gratefully.

Sorry for bad english

finally rooted !!

User was easy but root was really hard for me.

finally rooted

Hints:
user: dump
root: l*******

I need help for user.
I have no idea how to get the database.

Type your comment> @RandomPerson00 said:

I need help for user.
I have no idea how to get the database.

Check ports

Type your comment> @rholas said:

Type your comment> @RandomPerson00 said:

I need help for user.
I have no idea how to get the database.

Check ports

I should have been more specific. My mistake.
I have the port I just don’t know how to properly interact with it.

Edit: I got user.

Rooted.

Nudge: Read & understand the necessary conf files then try to create a file with the payload in the ‘target’ dir, then rest and sip some coffee. :wink:

…but first, have some basics about Logstash.

Happy Hacking! :slight_smile:

Type your comment> @ivnnn1 said:

I’m stuck at se*****y user, found the CVE, but I receive this when I try:

{“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

Any hint?

Check your port. It’s not 9200.

Is it worth it to pay for VIP? The servers seem useless at the free level. I’ve had one login over ssh that immediately froze and about 37 other attempts that timed out. My time is being wasted here, even after solving the “riddle”.

Finally rooted this box, figuring out the syntax for the last step of root was a roller coaster.

Fun but certainly a challenging box. By all means drop a dm if you want a hint

Finally rooted.

One of trickiest machines I’ve done in HTB.

My tips for root:

  • In my case the execution of the ‘comando’ didn’t work because of quotes.
  • The logstash input process is self triggered.
  • Sometimes if you create more than one file the trigger is faster.

PM if need more hints.

Stuck on last part. Got ka and found the three files. Managed to parse the gk filter but not sure about payload in lh_ file? Am I on the right track, DM a nudge if poss :slight_smile: