Awesome box. Initial foothold was a little too CTF style for my taste, but really enjoyed low priv → root through the elk stack. Highly recommend checking out the grok debugger when you get to that part.
Saw some other comments on here about port forwarding and “ssh black magic”, I did not have to do any port forwarding whatsoever on this.
I know the SSH username but I don't know the password.
Can anybody please help me… it's been a week for me… to complete this.
How did you figure out the username if you don’t know the password? B/c it’s in the same data dump but a little above. Did you get a spoiler?
I did a Python script to check each default username.
And one of my tested usernames is valid… that's it.
I don't know how to dump the database.
Any clue?
Second…
Does the SSH port forwarding also work on this machine without a password?
So I have read through the 3 files and I know what I need to do to get root, but what I thought would work isn’t. If anyone could PM me so I could shoot some ideas that would be amazing.
How did you figure out the username if you don’t know the password? B/c it’s in the same data dump but a little above. Did you get a spoiler?
I did a Python script to check each default username.
And one of my tested usernames is valid… that's it.
I see.
I don't know how to dump the database.
Any clue?
You may need to use an extension to ELK which enables you to view data using SQL queries. You will see tables, columns and finally data dump by the help of the good old cURL.
Does the SSH port forwarding also work on this machine without a password?
No. You will need to have SSH user/password.
Why, when I run the exploit from scrity to k**a*a, does it sometimes work and sometimes not?
Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.
@rfalopes said:
Hello, I'm ki**na, any tip to get root?
Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you’ve done before.
Yes, I know… Now I need to make a priv. esc. using the Lostah… And I found the CVE-2017-170 but I don't know how to use it
This box is infuriating, I have spent days looking at files and installation methods on the ELK, and read all 22 sections of this forum and nothing. I have enumerated the box and found nothing but rabbit holes in the various installation paths available and read some more on what was in there. Then another user pointed me in a direction that again yielded another infuriating path that I thought it was utilizing the method to gain initial user. I know I need to p*** to k***a but ffs I don’t see it. Any direction that would be greatly appreciated.
Rooted. The user was fun… Wasn’t really a fan of getting the root. I don’t think this was an easy box. Thanks to everybody for all the hints and the links provided.
Hello, I’m having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven’t found anything pertaining to a username. Any help is greatly appreciated.
If you have found the needle, just search for it. There are only 2 matches