Haystack

Type your comment> @hva said:

hi,i think i’m in the final step,i try to add some script in lh_,but what’s next?i can’t restart l*h.
if anyone has any ideas please PM me.

It runs automatically as long as it’s in the right place.

Are you sure it runs automatically ? I’ve seen it being triggered at different intervals and was under the impression someone else must have triggered it for me.

Are you sure it runs automatically ? I’ve seen it being triggered at different intervals and was under the impression someone else must have triggered it for me.

Hmm… I’ll have to go back and revisit. I was under the impression it ran automatically as part of the logging process. FWIW I ran several different command while messing with the box after getting root.txt and there were no other files there.

Let me know if you find out otherwise!

Rooted

Not an easy box to be honest, only the user part was easy. Should be medium.

Hi user.txt taken. I went up as a user k ******. now I don’t know how to go on. any small suggestions?

Anyone else having problems with that F thingy where you get no response from the server?

Can anyone give me a nudge as to why I can’t find the right place to put my script? Looking at k***** config yml hasn’t helped me! Still confused!

Type your comment> @smaxs said:

hi, this my first maschine im doing. I got stuck on root priv_esc … maybe someone can confirm im on the right track or not:

  • iam user k*****
  • i added something on the bottom of a file s********s
  • when i try to execute it manually it kind a tells me iam not root…
  • it seems not to be executed… waiting for around 30 mins… or should i be more patient…?


@JoyDragon thx for the maschine i already learned a lot her!

Same situation. Stuck since yesterday. I will appreciate any hints on DM.

Edit: Done. Nightmare.
Edit2: To be clear - it was nightmare for me to root the machine due to lack of knowledge of ELK stack as well as lack of experiance. The box itself is great, the ctf-like user part is fun!

Still super stuck on this trying to priv esc to K*****…

Please can someone help me find the correct location to put the js? I have looked in the yml and nothing sticks out to me…

Finally rooted. Thanks to @Nick the man and to @dalemazza. There are tons of great hints in this thread already.

I don’t understand why this box has so many downvotes. You can easily find out e*******h commands from google, use those to dump all the info and then use grep on that to find the keyword the needle gave you. PrivEsc on this box is also really cool.

Make sure to change the filename at the very last stage of root if you change something on the file. And feel free to pm me for help.

Finally got user… Hunting for root

Edit: Rooted… PM me if you need help

Allllright stuck yet again.

Finally got Kibana. Now I’m completely lost. Any pointers at all would great.

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

Type your comment> @smaxs said:

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

got the same error. i even swapped servers.

Type your comment> @dalemazza said:

Type your comment> @smaxs said:

Type your comment> @dalemazza said:

any ideas on why i am getting “error 52 empty reply from server” after i curl anything after apis=

asked so many people and simply cannot work out what i am doing wrong

use quotes >> curl " http://som.url"

got the same error. i even swapped servers.

An empty response which comes immedietly, may mean that something has connected to your nc. Have you tried a command in that box?

Also, it seemed to be a little like, once the exploit had been used, it’s unusable for the next person to come. I had that issue when i accidently closed my shell…

i’m root! tke to @thegoatreich for hint about rename file! and @k0zur3 for hint about root!!!

Finally got root. I really enjoyed this one. It would have taken me way longer if the forum here hadn’t suggested to go from s* user to k* user before heading to root. There seems to be some amazing minds here on htb.

user was easy stuck on root .

A tip that will save you from trouble and resets:

When you have ran the exploit, you can still use it again. However you can’t use it with the same path. Change its name and its still usable.

can anyone help me with ka , I am facing problem executing the J sh**