Haystack

Someone can help me in PM with the user ?
I figured out the clue to port 80, but I canā€™t find anything on the db.

ela********h 6.4. is this a rabbit hole
am trying to get my first rev shell

Please anyone nudge for process after security user. Can not find any way to escalate to K user then to root. Spent the whole night only to bypass user. Found the cve but how to relate kibana hosted at localhost when all conf files are read only? Thanks in advance

Type your comment> @deleite said:

Finally rooted.

One of trickiest machines Iā€™ve done in HTB.

My tips for root:

  • In my case the execution of the ā€˜comandoā€™ didnā€™t work because of quotes.
  • The logstash input process is self triggered.
  • Sometimes if you create more than one file the trigger is faster.

PM if need more hints.

Thank you, this saved meā€¦ found out what needed to be done pretty quickly but spent hours trying g**k statements.

Thanks for the box @JoyDragon. Learned alot that, to me, was useful in more then one way since we will be using ELK at work soon :+1:

Type your comment> @deleite said:

Finally rooted.

One of trickiest machines Iā€™ve done in HTB.

My tips for root:

  • In my case the execution of the ā€˜comandoā€™ didnā€™t work because of quotes.
  • The logstash input process is self triggered.
  • Sometimes if you create more than one file the trigger is faster.

PM if need more hints.

Congrats mate :slight_smile:

@Y3llowMustang said:
Finally rooted this box, figuring out the syntax for the last step of root was a roller coaster.

Big up buddie! :slight_smile:

Type your comment

Hi will someone be able to help with haystack? confused about the right path

Finally rooted this box! I spent way too much time being dumb and trying to get the LFI to run in the K****a debugging console, and couldnā€™t understand why I was just getting weird errors. All that was needed in the end was a good old curl. Root was then pretty simple.

Some tips:
User-

  • The image isnā€™t useless, maybe get the help of a feline friend
  • The high port has a well documented API, learn how to talk to it
  • When you know how to talk, look through all the information, and then search for what the image told you (be aware you may be only looking at 10 entries at a time)
  • When you find what youā€™re looking for you should know what to do

Root-

  • You may need to become someone else
  • If there is a service only available locally, there is a way to make it available to the outside
  • Dont be like me and try to use the stupid debugging console
  • Check the processes running for anything nonstandard, investigate them and then find a way to escalate.
  • A online debugger for G**k helped me a lot

PM me if you need any help.

Type your comment> @0x0raco said:

Can someone help me with the root, please? I am getting ā€˜{ā€œstatusCodeā€:400,ā€œerrorā€:ā€œBad Requestā€,ā€œmessageā€:ā€œ"apis" is a required param.ā€}ā€™ error everytime I try to use the exploit.

We receive the same error :neutral: Did you solve this problem? Please pm me

Edit: Use quotes, for example curl ā€œhttp://127.0.0.1:port/a**/c***ā€¦ā€

Hi, can someone nudge for escalating to k*** user? All kinds of confused!

Fairly easy box. Enjoyed it regardless.

Im Stuck on trying to pivot from sey user to k*a i know i have to view something thats only local remotely but my ss** command keeps failing and im unable to view that pageā€¦can someone nudge m in the rigth direction.

Rooted! Very interesting path from initial shell to root, learned a good amount about ELK

Found the high port and some of its files. Please give me a hint, how to get to the database.

Any nudge on the ā€˜empty reply from serverā€™ error? Used quotes. but I am still getting the same errorā€¦just making sure if a server side error and not my syntax.

Rooted. Interesting and fun box, learned something new.
PM me for a nudge.

@pytera I was stuck at the same place as you with the empty reply from server for 2 full days of working on this. I finally reset the box and it worked. So buy VIP if you donā€™t have it already, very helpful for this box!

Edit: Rooted! Hardest part of box is realizing you need to reset the box to get it to work.

Rooted! Nice box!

Hack The Box

Rooted, but very curious as to why the exploit going from sy to ka didnā€™t work half the time. I have VIP and it worked when I would reset the box, but if I tried to recreate my steps if I lost my k**a connection, it didnā€™t work. If anyone has insight on this, please PM me

If anyone needs any help with the box, feel free to PM me as well