Mango

f*******r.com working in ana…php when connect to remote elasticsearch

Spent a lot of time by analyzing unnecessary stuff.
But like in real pentest you do not know in advance where is vulnerability hidden.

The same for root )

I think I found a user i*******y. Rabbit hole?

I’d suggest to at least hide somehow the external links on the box from hackthebox people. They could lead to misunderstandings and unintentional scans by mistake.

Found the login form and got the tables working, not seeing where to go next.

I am in the same spot after few hours of enum and recon…

I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

fm-entities has more than 470 000 entries

@rholas said:

I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

fm-entities has more than 470 000 entries

You definitely should not be DDoS’ing any boxes, especially ones outside of the HTB network.

Rooted
Big thanks to @v1p3r0u5 for help and also to @MrR3boot for great box. Learned a lot
@rholas I think a*******s.**p is not right path.

Type your comment> @clubby789 said:

@rholas said:

I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

fm-entities has more than 470 000 entries

You definitely should not be DDoS’ing any boxes, especially ones outside of the HTB network.

This is a hack the box server not outside, but currently near crash state

@rholas said:

Type your comment> @clubby789 said:

@rholas said:

I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

fm-entities has more than 470 000 entries

You definitely should not be DDoS’ing any boxes, especially ones outside of the HTB network.

This is a hack the box server not outside, but currently near crash state

Why do you think that? The rules explicity say not to hack anything outside of 10.10.10.0/24

Everything should be self-contained on the machine.

@rholas Sorry man, but @clubby789 is right, it’s definitely out of scope. Anyways, it’s ALWAYS prudent to check first. Don’t think DOS will accomplish anything here. But just in case could you confirm the scope on this @mRr3b00t ?

Type your comment> @HumanFlyBzzzz said:

@rholas Sorry man, but @clubby789 is right, it’s definitely out of scope. Anyways, it’s ALWAYS prudent to check first. Don’t think DOS will accomplish anything here. But just in case could you confirm the scope on this @mRr3b00t ?

This is run on 10.10.10.162 not outside

and skullkiddo sad to ddosing (4. comment)

@rholas said:

Type your comment> @HumanFlyBzzzz said:

@rholas Sorry man, but @clubby789 is right, it’s definitely out of scope. Anyways, it’s ALWAYS prudent to check first. Don’t think DOS will accomplish anything here. But just in case could you confirm the scope on this @mRr3b00t ?

This is run on 10.10.10.162 not outside

That’s the IP of the box. The IP of olap.flexmonster.com is 52.5.238.221, as seen by pinging it.

Type your comment> @clubby789 said:

@rholas said:

Type your comment> @HumanFlyBzzzz said:

@rholas Sorry man, but @clubby789 is right, it’s definitely out of scope. Anyways, it’s ALWAYS prudent to check first. Don’t think DOS will accomplish anything here. But just in case could you confirm the scope on this @mRr3b00t ?

This is run on 10.10.10.162 not outside

That’s the IP of the box. The IP of olap.flexmonster.com is 52.5.238.221, as seen by pinging it.

But why working in a hack to box page?
Open ./a…php
Select to connect to elastisearch, ok and load data

dudes. the box name is a hint. a big hint. it always is but in this case it’s an especially big hint. i think a lot of the google-ish stuff is a likely distraction but that’s just one opinion. focus on what you might be able to do to the datastores that might possibly be living behind the fruit(s). delicious fruits.

@rholas said:

Type your comment> @clubby789 said:

@rholas said:

Type your comment> @HumanFlyBzzzz said:

@rholas Sorry man, but @clubby789 is right, it’s definitely out of scope. Anyways, it’s ALWAYS prudent to check first. Don’t think DOS will accomplish anything here. But just in case could you confirm the scope on this @mRr3b00t ?

This is run on 10.10.10.162 not outside

That’s the IP of the box. The IP of olap.flexmonster.com is 52.5.238.221, as seen by pinging it.

But why working in a hack to box page?
Open ./a…php
Select to connect to elastisearch, ok and load data

The box uses flexmonster, which by default offers to connect back to the flexmonster website which has examples.

Could someone reassure me if bruteforcing is not needed?

Also, please don’t hack boxes outside of HTB (the pages refer to quite a few ones…) you might be committing a criminal offence…