Haystack

Ok guys, I’ve got user.txt. A little hint?

@andresitompul said:

I know the SSH username but I don’t know the password.

Can anybody please help me… it’s been a week for me… to complete this.
How did you figure out the username if you don’t know the password? B/c it’s in the same data dump but a little above. Did you get a spoiler?

Awesome box. Initial foothold was a little too CTF style for my taste, but really enjoyed low priv → root through the elk stack. Highly recommend checking out the grok debugger when you get to that part.

Saw some other comments on here about port forwarding and “ssh black magic”, I did not have to do any port forwarding whatsoever on this.

Great box, that one was a lot of divertido

Need help… anyone there?

@qmi said:

@andresitompul said:

I know the SSH username but I don’t know the password.

Can anybody please help me… it’s been a week for me… to complete this.
How did you figure out the username if you don’t know the password? B/c it’s in the same data dump but a little above. Did you get a spoiler?

I did a Python script to check each default username,
and one of my tested usernames is valid… that’s it.
I don’t know how to dump the database.

Any clue?

Second…

Does the SSH port forwarding also work on this machine without a password?

So I have read through the 3 files and I know what I need to do to get root, but what I thought would work isn’t. If anyone could PM me so I could shoot some ideas that would be amazing.

@andresitompul said:

How did you figure out the username if you don’t know the password? B/c it’s in the same data dump but a little above. Did you get a spoiler?

I did a Python script to check each default username,
and one of my tested usernames is valid… that’s it.
I see.

I don’t know how to dump the database.

Any clue?
You may need to use an extension to ELK which enables you to view data using SQL queries. You will see tables, columns and finally the data dump with the help of good old cURL.

Does the SSH port forwarding also work on this machine without a password?
No. You will need to have SSH user/password.

Why, when I run the exploit from scrity to k**a*a, does it sometimes work and sometimes not?

Hello, I’m ki**na, any tip to get root?

@rfalopes said:
Hello, I’m ki**na, any tip to get root?

Stuck at the same place. I have the 3 files and I believe I know how Grok works, but how can I use that to get a shell as root?

Never mind: rooted. PM if you want tips.

@rfalopes said:

Why, when I run the exploit from scrity to k**a*a, does it sometimes work and sometimes not?

Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.

@rfalopes said:
Hello, I’m ki**na, any tip to get root?

Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you’ve done before.

@BT1483 said:

@rfalopes said:

Why, when I run the exploit from scrity to k**a*a, does it sometimes work and sometimes not?

Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.

@rfalopes said:
Hello, I’m ki**na, any tip to get root?

Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you’ve done before.

Yes, I know… Now I need to make a priv. esc. using the Lostah… And I found the CVE-2017-170 but I don’t know how to use it :confused:

You’re thinking way, way more complicated than it is.

Take a look at what l******h is doing.

Can someone please PM me how to escalate from Kiana user to root. Can’t understand how to use lo*sh for that…

This box is infuriating, I have spent days looking at files and installation methods on the ELK, and read all 22 sections of this forum and nothing. I have enumerated the box and found nothing but rabbit holes in the various installation paths available and read some more on what was in there. Then another user pointed me in a direction that again yielded another infuriating path that I thought it was utilizing the method to gain initial user. I know I need to p*** to k***a but ffs I don’t see it. Any direction would be greatly appreciated.

Got shell with k*a
Creating l h_ files (for shell)
files are gone after minutes, but nothing… any help?

Update!
Found! It’s all in the spacings…

Rooted. The user was fun… Wasn’t really a fan of getting the root. I don’t think this was an easy box. Thanks to everybody for all the hints and the links provided.

Got user. That was very fun!! There is an incredibly useful tool for user! PM me if you need a hint

Hello, I’m having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven’t found anything pertaining to a username. Any help is greatly appreciated.