Haystack

@petruknisme said:

> It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, I think you can reveal pass too. I hope I'm not spoiling this.

Aw…I’ve just found another string that was similar to pass. Now I found it, and on the way to root.

I have a key, I have a pass, I also have a fried brain. Any nudges on the next step for user and root welcome?

Also, anyone finding the host down a lot?

I am stuck with the priv esc to root.
Can anyone PM me with some hints/nudges?
Nearly there I think. :smiley:

I know I can talk to the stretchysearch using c***. I’ve enumerated all the indices. I’ve translated all the text and read everything in detail, as I know the needle in the haystack is key…

I’m totally lost now, I’ve tried a few different scripts to help enumerate/dump the entire DB, but can’t get them to work. Could do with some pointers here anyone, please :smiley:

Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.

@slimz28 said:

> Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.

Same here - feel like I am as far as I can go without some direction please!

@slimz28 said:

> Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.

DM I can help a little

@mojorisin said:

> @slimz28 said:
>
> > Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.
>
> DM I can help a little

Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd. :slight_smile:

Hey everyone,

I’m looking for help getting root. Found some things that I’m exploring but can’t really narrow a path to a privesc down.

@slimz28 said:

> @mojorisin said:
>
> > @slimz28 said:
> >
> > > Can I get some help on user? I’ve been using the “rubberband” and I’ve used _search on b*** and q***** but haven’t found anything useful.
> >
> > DM I can help a little
>
> Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd. :slight_smile:

Have you got near root yet? If you have, could you give me a nudge? I have user :smile:

I’m on the box trying to priv esc to K. Super stuck here, could someone give me a nudge please? I read something about an LFI, but is this the only way?

Got user… but for root, I am trying to use the L**-vulnerability. When I use it the server only “chews”. No matter if I include a reverse shell or a textfile. Isn’t this the severity we are supposed to use?

Read up on how l******h handles log files.

Phew, finally rooted. Don’t over think the privesc like I did. Look at what you have, consult the documentation to understand what’s going on, google around for some good resources, and then use a debugger to your advantage. PM me if you’re stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.

Just got root, as @nergalwaja says, don’t overthink it. Just connect the dots.
Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints. :smiley: Good luck.

jeez, i’m getting a raw patch on my head from scratching it so hard. user was…meh. nice puzzle but i prefer more “real world” boxes. i know what i need to do after getting user, it’s just i can’t figure out how. i know what to upload and was looking into a specific CVE but i can’t figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn’t get me any further, can anyone point me in the right direction on what to read up on? i’m stuck

When trying the K***** exploit, i’m getting a status 400 unrecognised parameter error - can someone nudge me on what I’m doing wrong here?

Ok I’m stupid.

rooted. Learned a lot about l****h, especially gk.
All hints have been already mentioned. If I have to add something about priv esc, don’t forget that \s means SPACE.

Umm, is the s* suid binary that the l******h spits out a rabbit hole?

Yeah being stuck is being desperate :slight_smile: