Haystack

lackofgravitas · July 29, 2019, 2:03pm

I had the K* user exploit working this morning, and now, trying the same thing, using random file names…it’s not.

sazouki · July 29, 2019, 4:53pm

i used one debugger online and get correct syntax and placed l****h_ but i didnt get any response
can someone pm me to check my syntax thx

59c10p5 · July 30, 2019, 3:14am

Type your comment> @MrBreadcrumbs said:

Hey yall, looking for a nudge on user. I have seen the hints in the image, I can view everything on the high port and I have seen two candidates for a password. Unfortunately I cant seem to find a username! I see people say it should be near the password but I can’t seem to track it down. A push would be greatly appreciated!

encode the “username” . and the try find the encode string to get the username

kaosneverdied · July 30, 2019, 5:21am

Rooted!

USER: was fun. I’ve never done that kind of ctf scenario before with clues and puzzles. I felt like I was in the original batman. using the installable tool for processing that kind of db was a big help.

ROOT: What a faff. waiting on the reverse shell was like waiting on Father Christmas. tip: I spent ages getting root because I was putting the cart before the horse. When you’re organizing your attack be sure that when you’re structuring it, you’re not mistaking the structure of the output for the structure of the input. when that penny dropped it was easy.

Also, when I was trying to root some users kept changing my files. If you find a script on the box in a hidden folder that looks like a reverse shell it’s probably another users. I don’t mind people reading or copying my scripts. But don’t alter them when I’m trying to fire them. MAKE YOUR OWN WORKING DIRECTORY

Thank you to those who helped me get unstuck at k***** @PanamaEd117 @knowyourenemy and @TimW94
and thank you @joyDragon for a fun box!

lackofgravitas · July 30, 2019, 11:17am

Rooted. Did have problems with things not working as expected all the time.

Dorsky · July 30, 2019, 11:30am

stucked on root, cant get k****a user, upload shell but it doesnt work, help pls

sazouki · July 30, 2019, 4:06pm

rooted && , learned new things about banana and g70k

ixxelles · July 30, 2019, 4:10pm

User was not so difficult . Now will see for root.
For user : Just dump and use hint from port 80

sazouki · July 30, 2019, 4:12pm

Type your comment> @ixxelles said:

User was not so difficult . Now will see for root.
For user : Just dump and use hint from port 80

i didnt dump anything just one query with the key word and i got the username and password together

Achille · July 30, 2019, 5:05pm

Hi everyone,

I liked this machine! User was quite easy, the first part of root was nice but the final stage of root was really painful to me!!

Anyway everything to get user and root was already said in the forum, but if you need help or just a little hint you can PM me!

Hack The Box

TheInnocent · July 30, 2019, 5:49pm

Rooted.

User hint: the sintax to dump all the db, could be not sufficient to dump the particular info you need…try with a specific query.

Root hint: after pivoting, keep your eyes on the ELK mechanism. You’ll easily notice something interesting, then the whole point will be using the right sintax.

oannes · July 30, 2019, 8:19pm

I got the user part but cannot get past this error saying 400 bad message and a**s is a parameter that I need to use when trying to pivot to another user (k****). Kinda new to this stuff fellas, any help is much appreciated
*nevermind, on my way to root

got it, many many thank yous to @cmoon

cmoon · July 30, 2019, 8:50pm

Finally got root. A bit annoyed on the syntax with the filter… Anyone know why the extra space was needed despite the doc stating that it should be no space?

Feel free to pm for hints for root or user.

Tugzen · July 31, 2019, 7:14am

ı am trying to getting root. I edit these files g*** filter and in***.c*** and otut.c*** ,but ı am not sure it is working cause I can’t restart the lo**tash service.PM me for hint please

sazouki · July 31, 2019, 7:33am

Type your comment> @cmoon said:

Finally got root. A bit annoyed on the syntax with the filter… Anyone know why the extra space was needed despite the doc stating that it should be no space?

Feel free to pm for hints for root or user.

it’s regex \s* mean 0 or more space and \s+ mean 1 or more space

six2dez · July 31, 2019, 7:39am

Rooted! PM if you need help

x67sv · July 31, 2019, 9:38am

DM for root help please… I can’t spawn shell cause of g**k

br4nd0p4r7124n · July 31, 2019, 12:55pm

rooted, if need help pm me

UberRogue · July 31, 2019, 1:32pm

Type your comment> @cmoon said:

Finally got root. A bit annoyed on the syntax with the filter… Anyone know why the extra space was needed despite the doc stating that it should be no space?

Feel free to pm for hints for root or user.
If you look closely it is lowercase. Not uppercase.

madneal · July 31, 2019, 1:34pm

Can anyone give me hints to privesc to user kiba*? Thanks. PM me.