HackTheBox - Haystack

00:54 - Begin of Recon find Elastic Search on 9200 02:00 - Checking the exif data in the image, nothing interesting, but showing FF changes some metadata when downloading (foresnic tip) 03:55 - Navigating to port 9200 and seeing the Elastic Search JSON Response 04:48 - Searching Elastic Search Documentation to see how to make queries 06:00 - Using /_cat/indices to see the “tables“ withing ES 07:37 - Using /quotes/_search to dump the Quotes indicy, then using jq to extract desired data 13:20 - Lets switch over to Python to extract this data so we can translate this into English 17:00 - Installing googletrans, so our script can translate this. Using python3 cli to test this out 20:10 - Adding googletrans to our script 21:10 - Running our script to translate everything and then using grep to “find the needle“ 22:50 - SSH'ing to the box with the security user 24:00 - Running LinEnum, noticing kibana listening on 5601 28:15 - Creating a Local Port forwar