Zipper


Comments

  • > @n1b1ru said:
    > I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API

    As mentioned before in this thread, there is no need to login to the web page.
  • edited November 2018

    Well guest doesn't allow me to interact with ****. I think the RCE is related with **** and the possibility to upload scripts. Anyway I cannot do it

  • Why am I suddenly able to use the admin password I used before??? Waouh, this machine is super weird

  • edited November 2018

    @n1b1ru said:
    Well guest doesn't allow me to interact with API. I think the RCE is related with API and the possibility to upload scripts. Anyway I cannot do it

    Spoiler Removed - Arrexel

    @kienast said:
    Why am I suddenly able to use the admin password I used before??? Waouh, this machine is super weird

    If you are on free, perhaps because people keep messing with it.

    avoidy

  • @kienast said:
    Why am I suddenly able to use the admin password I used before??? Waouh, this machine is super weird

    because someone changed the config

    I believe all the questions in this topic are going in a loop now - everything possible was already said. There are tons of hints for every possible situation. Any issue or weirdness you see was already discussed.
    Imo quite a few comments are already way too spoilery as well ....

    sajkox

  • @avoidy said:

    @n1b1ru said:
    Well guest doesn't allow me to interact with API. I think the RCE is related with API and the possibility to upload scripts. Anyway I cannot do it

    Find a valid login and generate an auth token.

    A valid user for web page ??

  • I need some assistance with the A**,

    Can someone PM me, I'd appreciate it.
    I think my syntax needs a second opinion.

  • @PHunHouse said:
    I need some assistance with the A**,

    Can someone PM me, I'd appreciate it.
    I think my syntax needs a second opinion.

    If you're still having problems with the A** you can PM me, but the z****x website has great documentation about it with nice examples.

  • @n1b1ru said:

    @avoidy said:

    @n1b1ru said:
    Well guest doesn't allow me to interact with API. I think the RCE is related with API and the possibility to upload scripts. Anyway I cannot do it

    Find a valid login and generate an auth token.

    A valid user for web page ??

    For the A** access...

  • edited November 2018

    @Phrenesis2k said:

    @n1b1ru said:

    @avoidy said:

    @n1b1ru said:
    Well guest doesn't allow me to interact with API. I think the RCE is related with API and the possibility to upload scripts. Anyway I cannot do it

    Find a valid login and generate an auth token.

    A valid user for web page ??

    For the A** access...

    ok. I tried it but with no success. Anyway A*** gave me just a valid user

  • Hey, I have a reverse shell, but I think in the wrong place. Can someone PM me? I just want to know if I have to escape this place or try an "over place"

  • Anyone ever actually use that application? I am starting to look into it. Looks pretty awesome

    tobor
    Gods make rules. They don't follow them

  • This one was fun. Getting a good foothold was the hardest.

  • Is anyone willing to be PMed? I have some questions about the box. I am not familiar with Zabbix.

    samiux

  • @samiux said:
    Is anyone willing to be PMed? I have some questions about the box. I am not familiar with Zabbix.

    Sure, send me a message.

    avoidy

  • Hi, I am wondering how people managed to find the CMS. I tried using dirbuster and gobuster, using keywords generated with cewl from the initial page.

    Thanks

  • Enjoyed the box. Thanks to the developer for creating it. More than enough hints to get this box. PM me if you need guidance.

  • For god! Stop resetting the box every 5mins.....

  • Humans, please do not keep on resetting the server. It will not help. It is very annoying...

    Anyways, got the root access, thanks to some nudge from @fjv @sajkox and @avoidy .

    Hint for user: No need of using hashcat, it is just right in front of your eye, and resetting the server won't get you user.txt.
    Hint for root: Again, something is just right in front of your eye...

    Arrexel

  • Just rooted the box. Really fun priv esc.
    Thanks for box :)

  • So I have user, just struggling on priv esc, any hints please? All these resets are killing me

  • Any hint to have user?

    samiux

  • Super stuck on this. I have the "GUI access disabled." account but from there I have no idea where to go... I have tried some exploits but when I try to do anything I get this error "No permissions to referred object or it does not exist!"

  • @marshy said:
    Super stuck on this. I have the "GUI access disabled." account but from there I have no idea where to go... I have tried some exploits but when I try to do anything I get this error "No permissions to referred object or it does not exist!"

    Sent you a PM :)

  • also got r00t before us3r...🤔

  • Did anyone manage to use Zax exploits which are available via searchsploit? I tried to use them but all without success. So now I wrote a custom Python script to communicate with Zax A*I and I'm trying to figure out (via Za***x documentation) how to send/execute a script on the server.

  • I finally got root. I learned a lot about the service running on this machine. It was not an easy one especially for user shell. I still think root is easier than user. Please feel free to PM if you need a hint.

  • edited November 2018

    Should I try to log in to the admin page or is there something else that I missed? I'm a bit new.
    Edit: Got it

    Hack The Box

  • @Sixpon said:
    Should I try to log in to the admin page or is there something else that I missed? I'm a bit new.

    read this post in full - you will know

    sajkox

  • @Sixpon said:
    Should I try to log in to the admin page or is there something else that I missed? I'm a bit new.

    Try to guess at the beginning, maybe the Guest user could give you kind words n.n

    If it didn't make sense, PM me ;)
