Hi sir, I need some help on Haystack.
I already got user.txt and got a reverse shell as kibana.
But I don't know how to move on to get root.
I guess I need to put something on /opt/kibana/logstash_*?
Could you please give me some hints?
Any hints you could help me with for the kibana user? I understand I need to use the CVE-2018-17246, however the exploit doesn't seem to be working for me when I run the GET request. My log says that there is already an instance of it running, which may be from it first starting. I am not understanding how others were able to exploit it so easily. Do I need to tweak something for it to work? Any nudge toward the kibana user would be amazing and very helpful (not necessarily root, just the kibana user), or if you rooted through a different method, a nudge in that direction would be amazing.
Is there any LFI?
Which port 80 or 443?
I found a user "oslo". I tried to crack the FTP pass. It does not work. Any tips for user?