Haystack

Kinda lost right now:
Found the nudge in the image but can’t crack the pw.
Queried both DBs but can’t put my hands on the info the others talked about…
Can someone PM me a hint? Would be appreciated.

Finally GOT IT (~8hrs)! :smiley:
Thanks for the box, learned a lot about ELK.

PM if you need a hint

How do you guys find the username? I found the password, but not the username…

Edit: nvm, it was right there!

This was my first box on HTB (Without an illegal walkthrough) and it feels amazing. I got a ton of hints, but it feels so great to have gotten user. If you’re a beginner, and you’re reading this: Try harder! I believe in you!!

Shoutout to Lotus for giving me hints that made me think it through. Go give them respect.

Finally rooted!!

PM if you need a hint

Thanks @ixxelles

I can’t go further after getting k****a access, maybe I’m not doing something correctly, but the CVE I use works 1/10th of the time, which is painful when you take 2 resets back to back, so I think I’ll go on another box and eventually try again later.

@Shepardeon give me a shout if you need a hand!

I am stuck with my grok debugging, I keep getting “no matches” and am not sure what the Ejecutar\scomando\s:\s+ is used for?

got it! big thanks to @isildur21

Rooted. PM for hints.

Edit: Okay. Finally, I figured it out.

When you look at that file (e**/l******/**./), it automatically reads the file in that path. So I just wait to connect system.
Then, after 10 seconds, I got root. Isn’t it?

If you think I got it wrong(misunderstood) I’d appreciate a PM.

If you need a hand, PM me!!

I’m absolutely stumped on debugging my l****_*** file to be read by the grok pattern. Any advice would be appreciated. I know I’m at the last step.

EDIT: So I managed to finally root it, but honestly I’m pretty sure something is weird with l****** on the box. It seemed like it triggered randomly, and definitely not every 10 seconds like it says it’s configured.

Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

@Gn0m3h4ck3r said:

> Is brute force needed for that image? I have found the password in the db dump, no username though. Looked through two directories. Gobuster and dirbuster running for an hour and nothing else found. A little nudge would be appreciated if I’m not on the right path. Thanks guys.

Username is below the pass in that dump, just read it carefully.

Hi everyone. I have a problem with LFI. I think my curl syntax is wrong because I get a 404 Not Found error, maybe I use the wrong URL. Can somebody help me?

I’m stuck at the privilege escalation from ka to root. I know I’m supposed to use lh and I found the three .conf files, but I don’t know how to use them or what to do with them. Am I supposed to create my own .conf file and make l****h use it?

I’ve been stuck for days… any tips or advice would be great. Thanks.

Anyone wanna give me a nudge to get k***** user? I’ve read the hints in this thread regarding curl, and a certain CVE, but still not sure how to make sense of it. Any help would be appreciated :slight_smile:

EDIT: nvm found the CVE - just needed a walk

I’ve dumped the db but I’m stuck on the image. I assume I need to use steganography but I have no experience with it. I’ve tried using the stegsolve and stegcracker tools but couldn’t find anything. Any tips or resources to learn more?

Got USER!

That was interesting and fun experience…
Though I have never worked with e*********h before and this was the first time I was touching it… So it was a mess at first, but after reading documentation and how to search it all - it took me literally a few minutes to get user flag.
Tips: the image has secrets, but do not overthink it, just ‘dog’ it when downloaded and you will get a clue.
After getting the clue - you just need to go to your browser, write server URL with higher port and a crafted query - and you get the user. Literally one liner for getting creds.
Was a good exp with ES.

Now onto Root - this will be interesting knowing my lack of knowledge on ELK…

Good luck!