Haystack

Rooted. The user was fun… Wasn’t really a fan of getting the root. I don’t think this was an easy box. Thanks to everybody for all the hints and the links provided.

got user. that was very fun!! there is an incredibly useful tool for user! PM me if you need a hint

Hello, I’m having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven’t found anything pertaining to a username. Any help is greatly appreciated.

Type your comment> @binaryfigments said:

Got shell with k*a
Creating l
h_
files (for shell)
files are gone after minutes, but nothung… any help?

I,m in the same point, please, someone could PM

Hello, I’m having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven’t found anything pertaining to a username. Any help is greatly appreciated.

If you have found the needle, just search for it. There are only 2 matches

Rooted the box with the help of the comments here. Can someone message me what enum I had to run / check to find the l***** user ? Got more ore less spoiled and skipped that enum …

Stuck with 2 messages, 1 from pic and the other sql query with tons of Spanish. Can someone provide me some hints on this machine?

Type your comment

Stuck on getting root. I know where to put the file but i am having problems with it. The file goes away after a few minutes but nothing happens. Can some give me a hint.

Never-mind I got root now.

Found the uh… hidden message up front, and well done! I really like this.

I just did a competition today and had some similar stuff so I was ready for it this time lol

Finally rooted! :smiley:

That was the hardest one I’ve done so far.

Feel free to PM me if you need a hint.

Got root - not too bad. interesting box - good to learn about the ELK stack. Enjoyed root - good stuff - learnt some things.

Type your comment

PM for nuggets

Thanks @NieruHawic for the assistance on the last few steps!! Rooted!

I only got as far as doing you basic scans like every other box, I used my steg skills to get a message from the picture, but I don’t know where to go next. Could someone help me please? Feel free to shoot me a pm. Thank you!

I’m stuck with the root, any hints going from user to ki***a ???

Guys i need a nudge I dumped all the data from high port in the /b*** and /q***** but found nothing please nudge me :slight_smile:

Type your comment> @PwrZer0 said:

Guys i need a nudge I dumped all the data from high port in the /b*** and /q***** but found nothing please nudge me :slight_smile:

Look further in the bits of the image at 80.

Got root!

For anyone is stuck in L** (empty reply from server). Some hints:

1 - Use quotes ever (CURL “http://<NINJA_PAYLOAD>”);
2 - RENAME your .js file. Don’t use shell.js or shell_1.js, rename to xpto_1233.js or another strange unique name. Really, this is a save point!

Any nuggets, PM ME! I’ll appreciate helping!

Rooted. If you’ll have some trouble, PM me.