Zipper

1679111215

Comments

  • edited November 2018

    @banteng999 yep , i try this ,but in final i used meterpreter for stabile shell .....but i hate to use msfconsole for box

  • To get a stable shell on the box... consider some other ways you might be permitted to run commands on Linux.

    ![Arrexel]

  • edited November 2018

    ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid's , I get the same doc**r container host. Anyone fancy PMing me?

    Edit: NM, figured it out. Now to try and get a stable reverse shell

    alt text

  • @whipped said:
    ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid's , I get the same doc**r container host. Anyone fancy PMing me?

    Edit: NM, figured it out. Now to try and get a stable reverse shell

    what did you figure out about this? Im in exactly the same boat.

  • edited November 2018

    I got the user aceess, but no permission to access user.txt.
    I found the way some services are runnid with S**D . but unable to exploit that .
    Need some hint on that

  • I just can't seem to execute my script in the "right place". I see the two "places" I can execute scripts. I made a script in the GUI as Super Admin with the right "place" set but where in the hell is the "Execute script" button?! haha

  • I need a nudge on getting out of this docker container situation... 2 days now with no dice. Im in the "wrong" place and can't get my shell to execute on "server" instead of "agent". I can add a script in the GUI but no idea how to get it to execute

  • Fight for root flag, my brain damage , need nudge LoL

    banteng999

  • > @Djinn45SQL99 said:
    > I need a nudge on getting out of this docker container situation... 2 days now with no dice. Im in the "wrong" place and can't get my shell to execute on "server" instead of "agent". I can add a script in the GUI but no idea how to get it to execute

    If you're in the GUI, and you can create a script then it should be right in front of you. Take a look at each of the options you have when creating a script

    alt text

  • I'm obviously missing something, only 2 ports open and port 80 is default apache page. Everyone talking zabbix, I see nothing.

  • Guys, please. I am crazy with root.
    I got user in little time, but root dont
    PLEASE! Any nudge?
    I tried reverse shell, edit files in both servers, and many other things.
    PLEASE! Thank you.

  • @whipped said:
    > @Djinn45SQL99 said:
    > I need a nudge on getting out of this docker container situation... 2 days now with no dice. Im in the "wrong" place and can't get my shell to execute on "server" instead of "agent". I can add a script in the GUI but no idea how to get it to execute

    If you're in the GUI, and you can create a script then it should be right in front of you. Take a look at each of the options you have when creating a script

    yes I see the option but I fail to understand how to make it execute once it's made. Trigger?

  • if you were able to get inside using GUI then you can do it also to get the script run. Think how you get inside and it’s the same thing with executing the script the only difference is the parameters hope this helps

    32x0LF

  • edited November 2018

    --removed--

  • edited November 2018

    --removed--

  • I have found the username and password but am struggling how to log in as the GUI won't let me and other tools in Metasploit don't seem to work either. Could someone PM me a hint of what tool I need? Thanks

  • Thanks Got Root and user

    32x0LF

  • Can someone please PM about root?

    OSCP

  • can some one pm me a nudge on making my reverse shell stable?

  • Anybody willing to help me?
    I am at the login right now, used c**l to gather all the words it could find. Made wordlists out of those and then used Hydra... but... there wasn't a single valid combination....

    center

  • If anyone is struggling, feel free to PM me.

  • edited December 2018

    @whipped said:
    ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid's , I get the same doc**r container host. Anyone fancy PMing me?

    I am on the same boat as you were. Can you PM me a hint how you did it??
    I got it. thx @banteng999 now onto user
    if anyone has the same problem, pm me

    EDIT: Got root. Thx to everybody who helped me and if anybody needs a nudge, PM me

  • Haha! It is fun interacting with this stuff but I'm still trying to access user.txt using the credential I found on its website but every time I run the command, it always return Permission Denied. I also managed to create an admin account but cannot find a way to connect it to host. Did I missed something? I'm already inside zabbix eh :/ but cannot cat user.txt :(

  • can someone give me a pm? I need some help on the initial stages with the zab * cl *

    Hack The Box

  • @mannivw said:
    I'm obviously missing something, only 2 ports open and port 80 is default apache page. Everyone talking zabbix, I see nothing.

    Maybe you need to widen your search

  • edited December 2018

    Thx for this box!!! is more dificult get into the box than privesc

    Tips:

    • User: The user is in your face (Don't need brute nothing). All you need is in the documentation. You don't need exploits
    • Root: Spoiler Removed - egre55
  • edited December 2018

    Someone so kind I could do a pm I would need a guide on how to handle the script part, I managed to activate the gui of the 'user I found and read the bees, but not having experience I do not know how to proceed, + respect for the help

    the only thing I have in my hand is an exploit that uses the jso * method and gives me a shell but always on zabbix

    Hack The Box

  • Rooted this box. Privesc was much more easy then user for me. If anyone needs help feel free to PM me :)

    Baikuya
    OSCP

  • Rooted. Also took me much longer for user than for root.
    At least the documentation is fantastic. Well worth the read for initial access.

    Hack The Box

  • Rooted. Thank you very much to @fjv @eRaMvn and @Baikuya

    If you need help, let me know!

Sign In to comment.