Haystack

Hi, will someone be able to help with Haystack? Confused about the right path.

Finally rooted this box! I spent way too much time being dumb and trying to get the LFI to run in the K****a debugging console, and couldn’t understand why I was just getting weird errors. All that was needed in the end was a good old curl. Root was then pretty simple.

Some tips:
User-

  • The image isn’t useless, maybe get the help of a feline friend
  • The high port has a well documented API, learn how to talk to it
  • When you know how to talk, look through all the information, and then search for what the image told you (be aware you may be only looking at 10 entries at a time)
  • When you find what you’re looking for you should know what to do

Root-

  • You may need to become someone else
  • If there is a service only available locally, there is a way to make it available to the outside
  • Don't be like me and try to use the stupid debugging console
  • Check the processes running for anything nonstandard, investigate them and then find a way to escalate.
  • An online debugger for G**k helped me a lot

PM me if you need any help.

@0x0raco said:

Can someone help me with the root, please? I am getting ‘{“statusCode”:400,“error”:“Bad Request”,“message”:“"apis" is a required param.”}’ error every time I try to use the exploit.

We receive the same error :neutral: Did you solve this problem? Please pm me

Edit: Use quotes, for example curl “http://127.0.0.1:port/a**/c***…”

Hi, can someone nudge for escalating to k*** user? All kinds of confused!

Fairly easy box. Enjoyed it regardless.

I'm stuck on trying to pivot from sey user to k*a. I know I have to view something that's only local remotely, but my ss** command keeps failing and I'm unable to view that page… can someone nudge me in the right direction?

Rooted! Very interesting path from initial shell to root, learned a good amount about ELK

Found the high port and some of its files. Please give me a hint, how to get to the database.

Any nudge on the ‘empty reply from server’ error? Used quotes, but I am still getting the same error… just making sure it's a server-side error and not my syntax.

Rooted. Interesting and fun box, learned something new.
PM me for a nudge.

@pytera I was stuck at the same place as you with the empty reply from server for 2 full days of working on this. I finally reset the box and it worked. So buy VIP if you don’t have it already, very helpful for this box!

Edit: Rooted! Hardest part of box is realizing you need to reset the box to get it to work.

Rooted! Nice box!


Rooted, but very curious as to why the exploit going from sy to ka didn't work half the time. I have VIP and it worked when I would reset the box, but if I tried to recreate my steps after I lost my k**a connection, it didn't work. If anyone has insight on this, please PM me.

If anyone needs any help with the box, feel free to PM me as well

Adding more dotdotslash did the trick for me.

Hi, I got an empty reply from server when I do priv esc from user to k****a. Please let me know if anyone has found a way to handle this. Couldn't connect to the reverse shell. Found the exploit and ran the curl command, but it doesn't help.

Hi, can someone please PM me? Need help with root. I know the 3 well-known files but I have no idea what to do next. Thx.

I’ve read through tons of “hints” and NONE of them help a newb.

Rooted. Had to get VIP, this one was soooo unstable for me.

@Hacker1093 said:

Hi, I got an empty reply from server when I do priv esc from user to k****a. Please let me know if anyone has found a way to handle this. Couldn't connect to the reverse shell. Found the exploit and ran the curl command, but it doesn't help.

Hi dude, I have the same issue, have you figured this out yet? I have added more …/ and quotes but it didn't help… I would appreciate a nudge :slight_smile:

I need help with the redirection for the k**a service, it is only listening on localhost. I have a user shell. Please, someone DM me.