Haystack

hmm so far I got user and on the way to root. I don’t know how to go on from the user obtained in the user part. Can someone PM me for help?

Edit: got K***** now and going on to root…

okay been K***** for a while now and I am RTFM for the 3 files but I am clueless on how this helps…

Edit: I think I am on the right track but don’t want to post any spoilers if someone wants to DM me to confirm?
Edit2: Once again overthinking. I am 99% there (my reverse shell keeps failing with ambiguous redirect)
Edit3: tried a different reverse shell and ROOT! hardest machine for me yet, but I learned a lot!

Ok, I have the text in Spanish and I speak Spanish but can’t figure out the user and password. If anyone could help me I will be so grateful.

Sorry for bad English

finally rooted !!

User was easy but root was really hard for me.

finally rooted

Hints:
user: dump
root: l*******

I need help for user.
I have no idea how to get the database.

@RandomPerson00 said:

I need help for user.
I have no idea how to get the database.

Check ports

@rholas said:

@RandomPerson00 said:

I need help for user.
I have no idea how to get the database.

Check ports

I should have been more specific. My mistake.
I have the port I just don’t know how to properly interact with it.

Edit: I got user.

Rooted.

Nudge: Read & understand the necessary conf files then try to create a file with the payload in the ‘target’ dir, then rest and sip some coffee. :wink:

…but first, have some basics about Logstash.

Happy Hacking! :slight_smile:

@ivnnn1 said:

I’m stuck at se*****y user, found the CVE, but I receive this when I try:

{“error”:{“root_cause”:[{“type”:“illegal_argument_exception”,“reason”:"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

Any hint?

Check your port. It’s not 9200.

Is it worth it to pay for VIP? The servers seem useless at the free level. I’ve had one login over ssh that immediately froze and about 37 other attempts that timed out. My time is being wasted here, even after solving the “riddle”.

Finally rooted this box, figuring out the syntax for the last step of root was a roller coaster.

Fun but certainly a challenging box. By all means drop a dm if you want a hint

Finally rooted.

One of trickiest machines I’ve done in HTB.

My tips for root:

  • In my case the execution of the ‘comando’ didn’t work because of quotes.
  • The logstash input process is self triggered.
  • Sometimes if you create more than one file the trigger is faster.

PM if need more hints.

Stuck on last part. Got ka and found the three files. Managed to parse the gk filter but not sure about payload in lh_ file? Am I on the right track, DM a nudge if poss :slight_smile:

that was funny =) got root while reading the forum for hints, because the file didn’t trigger. seems I was doing everything the right way… just wonder why it didn’t trigger after 10 sec the first time? EOF?

edit: read a couple of earlier comments to answer my question. and this http://grokdebug.herokuapp.com might be helpful
edit: the debugger will tell you multiple lines are ok, but it’s not. it has to be one line and newline in the end

Got user but trying to get root. I know I need to do some priv escalation to a certain user and use that to exploit a certain vulnerability for l******* I think? If you have any tips or hints, a PM or comment would be much appreciated!

Got it. Thanks a lot @FredHappyface for the help. Thanks to @deleite too :smiley:

Root dance - Thanks to @v01t4ic & @saminskip for the nudge on root :slight_smile:

Root tip - On the final step “Stick to one line”…

Can someone help me in PM with the user?
I figured out the clue to port 80, but I can’t find anything on the db.