Zipper

13468915

Comments

  • i have a rev shell on zipper but dont know what to do next. found bac**p.s* and i am trying to do something with it but i got no luck. could somone pm me or help me??

  • There is a editor called e* which was running as r***. Why am i not able to get root directly?

  • Rooted this really interesting box! PM if you need :)

  • I found the hardest part was guessing the username/password combination for the service - once you've looked at the available information from the guest account, it pays to think simple. Clearly the user is not very security conscious at all ;)

    After that, I found everything very straightforward. Hints:

    • read the documentation for the service, there's a certain item there that will help you get RCE (it helps if you know how monitoring systems with agents work);
    • getting a stable shell can require a bit of fiddling - think about what happens if your command runs again;
    • getting from one user to another is easy - remember, they're not very security conscious and you might find some things to help you become them;
    • there are some simple techniques that help you find out what an unknown binary does;
    • there is a very common security vulnerability in executables that run other executables.
  • edited October 2018

    Creating your own username and password instead of the current ones is probably the hardest thing in this box.

    Maybe the first RCE can be challenging but user is straight forward from there and root was FUN.

    EDIT: someone was claiming that root is possible without getting user. I would love to learn how can that be accomplished if anyone was able to really do this.

    Hack The Box

    OSCP | GPEN | CREST CRT | eCPPTv2 | GWAPT | CREST CPSA | ACE

  • Got root...
    It's relatively easier than user :+1:
    I liked the way it was done.

  • So I found a service and I was able to get a list of valid endpoints in such a service. However, every time I try to access those endpoints, I get a message saying error connecting to database.

    Am I in the right path? I can't find anything else of interest, but that also seems like a deadend. Any hints?

  • @AgustinCB said:
    So I found a service and I was able to get a list of valid endpoints in such a service. However, every time I try to access those endpoints, I get a message saying error connecting to database.

    Am I in the right path? I can't find anything else of interest, but that also seems like a deadend. Any hints?

    That sounds like somebody broke something. Try a reset.

  • Hi Guys,

    Been hammering away at this for sometime now and I'm starting to think I'm in a rabbit hole. Getting "No permissions to referred object or it does not exist!" error when trying to execute the shell I created. I'm being vague so I don't spoil it for everyone else, I think it's because I'm not defining the "hostid", but I can't seem to extract this from the system anywhere. PM me if you have any suggestions. Thanks

    GreysMatter

  • Thanks to a nudge from tty I've managed to root the box. User/Root is straight forward. Good box overall. PM if looking for a nudge.

    GreysMatter

  • right, I have some sort of access, aparently in the "wrong place" as I cannot see user.txt. but I don`t understand the whole "Wrong place/right place" thing Anyone want to give me a clue?

    Parttimesecguy

  • ok found the 'right place' but not sure how, then from my reverse shell it worked out easier to ding root and then run around and collect all the flags :)

    Parttimesecguy

  • Can someone PM me about what to do after finding the first set of creds obtained from the site. I just can't find any use for them and im having no luck with anything else :(

  • one of the interfaces is unavailable what are the other interfaces ?
    what is the lowest level one that other are build upon ?

    sajkox

  • I found login page and i used the hydra but it is not worked . I couldn't go any further. Can you help me ?

  • edited October 2018

    Take a look at the guest interface, it is basically all you need.
    Re-read this thread, some great advice in here. (As always! :smiley:)

    Recently found the user.txt, now going for root!

    edit: got root!

    avoidy

  • Hi all, hopefully someone can explain me something via PM. I accessed the host but landed in a random hostname (I know what that thing was) - After poking around I found nothing and disconnected. Few minutes later I accessed the host again and landed on the real host, where I found the user. What happened there?

    OSCP


    0x23b

  • @0x23B said:
    Hi all, hopefully someone can explain me something via PM. I accessed the host but landed in a random hostname (I know what that thing was) - After poking around I found nothing and disconnected. Few minutes later I accessed the host again and landed on the real host, where I found the user. What happened there?

    I assume you used specific tool found on github ? read it's details again. You will find out it's just a tool on top of something more basic - then read its (this more basic thing) documentation and do it manually having full control over what happens rather than relying on other people to set up things for you.

    if you are using sth else then it might either have more options that you haven't used or it's simply missing required configuration options for you to control where you 'connect'

    hope it makes sense

    sajkox

  • I always encounter "GUI access disabled." when the box is reset by other users when I was logged in. Anyway to solve this problem?

    samiux

  • That is the intended way, people seem to open up the GUI via config, eventhough there is no need.

    Think on a lower level!

    avoidy

  • @avoidy said:
    That is the intended way, people seem to open up the GUI via config, eventhough there is no need.

    Think on a lower level!

    I cannot login via the GUI since yesterday. Any hints?

    samiux

  • @samiux said:

    @avoidy said:
    That is the intended way, people seem to open up the GUI via config, eventhough there is no need.

    Think on a lower level!

    I cannot login via the GUI since yesterday. Any hints?

    to reiterate previous poster: DO NOT USE GUI

    And my previous post:
    "one of the interfaces is unavailable what are the other interfaces ?
    what is the lowest level one that other are build upon ?"

    sajkox

  • Rooted!
    I really liked this box. I learned allot about talking to the service running on this box. Once i got a shell i actually overlooked something obvious in a script, so getting user took longer then needed.
    Root was pretty easy (after some googling), but stil learned something new.

  • Rooted!!

    Nice box.. I was overthinging a LOT before I finaly got USER (thanx to @Phrenesis2k). Then root is just NOT overthing......

    Learned a lot (again)

  • Just want to understand why "GUI access disabled" is there? I do not know about Zabbix. Anyone can explain?

    samiux

  • So I've spent a significant amount of time working with the "lower interface" and have gathered a lot of information, but seem to be spinning my wheels. I always end up in the "wrong place" despite trying different identifiers (one of which seems like it should work). I think I know what's happening, but am not sure what I should be doing differently. Any thoughts?

  • @scarrenor said:
    So I've spent a significant amount of time working with the "lower interface" and have gathered a lot of information, but seem to be spinning my wheels. I always end up in the "wrong place" despite trying different identifiers (one of which seems like it should work). I think I know what's happening, but am not sure what I should be doing differently. Any thoughts?

    Try fiddeling with the hostid parameter (you can get it via that lower interface).
    Alternatively I think theres a flag like execute_on.

    avoidy

  • I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API

  • edited November 2018

    -

  • > @samiux said:
    > Just want to understand why "GUI access disabled" is there? I do not know about Zabbix. Anyone can explain?

    I'm guessing that the creator doesn't want you to solve this through the gui. Or if you're asking why zabbix has this feature, it can be used during maintenance for example.
Sign In to comment.