Haystack

Hello! I am quite stuck on trying to get user. I have enumerated the db but I do not think I have found anything useful. Any possible nudge?

Rooted. Crazy hard priv escalation for me. Thanks to the guys who gave me the hints to get root @sazouki @LordImhotep @cmoon @six2dez

If you need a nudge, feel free to PM.

Rooted. If you need help, PM me.

Anyone who knows what to do in the logst**h_* file please DM me.

Looking for a nudge on root. Currently dealing with ambiguous redirection. Any help would be appreciated.

Stuck on root. I got a shell, but since I know nothing of 37K, not sure what I am looking at. I see I have more access to look at the yml, but still have no clue what I am looking for. Any help to get me to look at something? Right now just hitting the wall. Been on this all week.

Rooted
It was a crazy box, I wrote the same code approximately 30 times :smiley:
If your code doesn’t work, try to reset the box.

Can someone drop me a hint on how to escalate to K***** with the ■■■■■■ L*I?
I can’t make the ■■■■ thing work.

rooted. don’t try to do too much with the g*** f***** or you may get ambiguous redirection or other weird errors.

I need help, please someone ping me.

I’m stuck on root. I already got the kibana user. Can anyone give me a hint, pls?

Wow, just got root. That was something. Thanks to all of the root tips on the previous pages, they really helped. PM if you need some hints.

Finally got root. Knowing the basics of kibana and logstash is important to get root. Maybe you can try it in your local environment. It’s not difficult to set up ELK locally.

User = It’s definitely worth reading all the quotes for something not so Spanish :open_mouth:

Root = Elevate your priv to another user. What can you do with this user you could not do before (read then write)?

Nice machine! Thanks to the author!

Hi guys,
I got a user (ki****) on the system, but I am stuck on root. How do I escape from that user? Any hint? PM please.

EDIT: Never mind, got rooted :wink:

I’m trying to pivot to the k*****a user using the CVE but I’m stuck on

{"statusCode":400,"error":"Bad Request","message":"\"a**s\" is a required param."}

Can anyone PM me with a nudge on this?

@d0n601 said:

I’m trying to pivot to the k*****a user using the CVE but I’m stuck on

{"statusCode":400,"error":"Bad Request","message":"\"a**s\" is a required param."}

Can anyone PM me with a nudge on this?

I got:
Empty reply from server

wooooo rooted. Really enjoyed playing with the stack, learned a bunch of stuff. Didn’t much enjoy sifting through the haystack but c’est la vie

I believe I might have the syntax for the l******* file right but I’m unsure on how to make it run?

Rooted: finally, but I don’t think it was the best way I could have achieved it. Would love to hear how everyone else did the last step.

@MaDMoLe said:

@Tilia said:

You would never have figured out that the higher port works as a database; you figure this out by reading the posts in this thread. Now a simple question: everything you can get doing basic recon on the box - running dirb, for example - will only give you unavailable “directories” and a couple of available ones, and when you try to access them, you see nothing. There would be no problem if it were not an nginx server but some Node.js. And again folks post “that helped me so much”-like comments thinking it is helpful, but it is more confusing, I would say. So yeah, I would probably never have figured out that the higher port works as a database unless some of you had posted this, because there is literally not a single pointer to this, and it contains literally useless garbage, nor anything useful giving me an idea about how to extract data.

Some guys find this box frustrating, and the main problem of this is that it’s rated as a simple box and requires hard work. You were probably expecting that you would own the box in 30 minutes after its release or so, but no, there you go.

I am sorry if you guys find this post a toxic one. But that’s exactly what happens in my mind right now. It’s not a tragedy, but I can’t find a foothold to get user at least.

When you get user, you realize it’s easier than you ever thought.
Just squeeze all the info you can get from the needle. Do not overthink as I did.

That was actually a great hint, it was really easier than I thought! Thanks for the user hint, now I just need to gain root :slight_smile: