Zipper

About this one? Any clues?

Any get past login page?

I did guest login but I don’t see any useful data yet

Me too… couldn’t find anything either. Other ideas?

brute-force with hydra maybe?

I can confirm that hydra was useful for me …
Edit: with custom userlist and wordlist. Admin or rock u will take u nowhere

@sajkox said:
I can confirm that hydra was useful for me …

■■■■, I can’t get it to work

So, there are hours that I’m playing with the A** of the service and running hydra on multiple users. Seems I’m missing something. Any hint /PM is deeply appreciate :slight_smile:

Is guessing the solution to find login page or maybe dirbuster can do something?

@9999volts said:
Is guessing the solution to find login page or maybe dirbuster can do something?

Enumeration took a while for me to finally find something. Let your enum run for a bit, it’ll pop up.

hi all - my inbox blew out a little bit overnight :slight_smile:
Please note I’m always happy to help but will never give working solutions out - it’s against the rules.
There might be other ways to ‘get in’ but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don’t go crazy with full rockyou, that would be unnecessary load on the box.

I will try to look at the inbox later - sry busy day and cant just now
GL

@sajkox said:
hi all - my inbox blew out a little bit overnight :slight_smile:
Please note I’m always happy to help but will never give working solutions out - it’s against the rules.
There might be other ways to ‘get in’ but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don’t go crazy with full rockyou, that would be unnecessary load on the box.

I will try to look at the inbox later - sry busy day and cant just now
GL

That’s what you get for posting a comment with little context haha.
That being said, your follow up comment was perfect, it should be very clear to everyone with out being a big spoil. Thank you for keeping it fair.

Don’t forget everyone, its rare for a creator to overlook something like a guest login, its there for a reason.

@Rantrel said:

@sajkox said:
hi all - my inbox blew out a little bit overnight :slight_smile:
Please note I’m always happy to help but will never give working solutions out - it’s against the rules.
There might be other ways to ‘get in’ but I just said hydra worked for me. Get familiar with what you see as a guest and be creative with your user/pass wordlists - as you should always be if nothing else works. Also don’t go crazy with full rockyou, that would be unnecessary load on the box.

I will try to look at the inbox later - sry busy day and cant just now
GL

Don’t forget everyone, its rare for a creator to overlook something like a guest login, its there for a reason.

THIS.

Pay attention at what you read, the info you need is right there. Also, PrivEsc shouldn’t take more than 10 minutes.

Doing zipper right now, if any one wants to PM me a hint OR leave a msg on the forum.

-At login Page-

I think about an user starting with Z… Just im trying rockyou against hehe.

Unable to execute the exploit, it throws me a ValueError error.

So, just rooted this machine, I really had a lot of fun, thanks to the creator.

Here some hints:

FOR INITIAL FOOTHOLD:

When this machine came out, I saw a difficult of 8 and I tried all esoteric things I can think out. I assumed the machine was hard, so stupid things just cannot works.
I was wrong! Keep things simple: everything is in front of your face.

NOTE: If you are facing problems with Hydra syntax, test it against your local proxy or try xhydra, the GUI version.

FOR USER:

Read the documentation and try to send custom requests until you understood well the app jargon and how each component works.
There are more than one way to do the same thing, and if you doesn’t work, try the other.

FOR ROOT:

Nothing fancy: a very common ‘method’ of privesc, typical in a lot of CTF challenges. Again, keep things simple.

Please lower your hydra threads please, you are DDOS’ing the box by holding all of the database connections.

Is hydra neccesary? Maybe a small list or just guessing.

No hydra is not necessary, and if you want to use it, no need for a big list but a custom one from what you can read on the webapp.