Haystack

Type your comment> @iditabad said:

Got user - struggling with root. Anyone able to provide any hints on where to go once I get the user flag? Or is root via another entry point entirely?

It’s vaguely related and as opposed to user it’s actually the sort of thing you’d expect to find on a site named ‘hack the box’.

Type your comment> @1NC39T10N said:

I’m so close to root. I see “comando”, but am having problems triggering it. Can someone who has completed this step DM me.

There are three files in there. If you put the three together, you’ll get it.

EDIT: Nevermind, answered my own question.

Type your comment> @iditabad said:

Type your comment> @h6x said:

Type your comment> @iditabad said:

Type your comment> @h6x said:

Dumped the whole db too but can’t find anything useful. This box is driving me nuts…

The whole e***********h db? All of the indices? You can desbloquear a couple good secrets from in there.

Might be that the tool I used didn’t get everything out. Got stuff from a few different indices. Can those secrets be dug out without translating?

You can identify them without translating, yes. It’ll be easier if you know what you’re looking for though - there is a big hint via port 80.

Got 'em! Thanks for help!
Still didn’t get the hint in the port 80 though. :smiley:

Hints for this box:

User - The name of the box and other various hints strewn around should give you general idea. This part is pretty CTFish. As alluded to in earlier comments, there’s a hint which will save you some time on one of the other ports.

Root - Congrats, you’ve survived more of the joy of CTF boxes. Start over and enumerate what’s on the box. With the additional access you have at this point, are things you may have considered before possible now? This part is much more like what most of us are here for, get back to basics.

now how exactly is this considered an easy box while Jarvis is considered a medium box? These ratings are all over the place, and have been for several of the past boxes like Arkham and Unattended.

Type your comment> @will135 said:

now how exactly is this considered an easy box while Jarvis is considered a medium box? These ratings are all over the place, and have been for several of the past boxes like Arkham and Unattended.

Seconded. There really needs to be a new dynamic rating system similar to what recent CTFs are doing.

Still stuck on that rubber thingy…

Rooted. Learned a lot about ELK. Very fun box! Thanks @JoyDragon!

I personally think this box should be lower end of medium as opposed to upper end of easy.

@will135 said:

now how exactly is this considered an easy box while Jarvis is considered a medium box?

As someone who has submitted two boxes I can tell that it is really hard to rate the box difficulty. You spend so much time on the box: during design phase where you think about what you want to include (and probably this is something you already know and what you know is considered easy) and during the build phase (where you build it and over and over test the box).

Moreover there is the huge difference in the community: some have been here for year(s), some are new. Some are experienced and some are newcomers in IT, operating systems, InfoSec…

I am pretty sure that boxes are seen easier than they are by the creators.

For sure you could try to factor this in during box submission. This is what @AuxSarge told me he did with Fortune: he made it an Insane one. He picked Insane because of the feedback he got on Ypuffy. The box is rated hard “only” by the community. As you can see this is not an easy task you have. I’d say only thing that is more difficult than that is to pick the trophy quote you have to submit with the box :joy:

You can add: there is a review process by HTB why won’t they re-rate it. As they do not do a black box test but have a writeup they can follow and they have been in the HTB business quite long they will have the same challange with difficulty rating. Bet if rating was really off they would correct it.

Last but not least: I found the author difficulty rating of a box only gives a first impression about what you will find. After some owns the ratings of the community will give a pretty good impression what the box really is about :slight_smile:

What are you guys doing about the rubber band ?

Finally Rooted!!!

Thanks to @geordish @cof123 @“Nick | Int” for the root part and few other players, in fact too many of them i cant list it all out. But thank you, enjoyed the time when we worked together across different timezones.

Hints:
User: google translate is your friend, but dont rely it too much, sometimes you do not need it. This part is like CTF ish, so go ahead to process the image, unload the hint and use bit of brain power on the hint.

Root: there are 2 more steps to root after you gain access to the user part. The CVE is not really the CVE exploitable thing, it just tells you the vulnerability, go back to square one if needed and to regain access to the server. Once success, look for some build in features that cause the vulnerability and keep testing it, if necessary, use some online debugger tools to debug it, it can save you some great amount of time.

Good Luck!

veo lo que hiciste alli :blush:

Found a password in the DB! But no idea where to use it. Is it S**?

need help on this dm please

Type your comment> @scottrainville said:

I’ve dumped the entire database and so far found nothing useful.

Dirscanned the sites by IP and hostname, zero results and seems like no virtualhost routing. Haven’t found any software commonly exploitable.

Should I just keep looking at the database? I’m hoping I don’t have to copy/paste and translate all that spanish.

EDIT: Got it. Just need to find a username.

same. Got anything on the username?

Type your comment> @cr7thehacker said:

Type your comment> @scottrainville said:

I’ve dumped the entire database and so far found nothing useful.

Dirscanned the sites by IP and hostname, zero results and seems like no virtualhost routing. Haven’t found any software commonly exploitable.

Should I just keep looking at the database? I’m hoping I don’t have to copy/paste and translate all that spanish.

EDIT: Got it. Just need to find a username.

same. Got anything on the username?

Once you find the password, the username is very close by… same method just different location in the file :).

Spoiler Removed

User: you should properly not safe your user and pwd in a public DB.

Got User ! Interesting. DM for help

Type your comment> @fuZZynat0r said:

User: you should properly not safe your user and pwd in a public DB.

Hey it was encoded! :lol: