Zipper

So I’ve spent a significant amount of time working with the “lower interface” and have gathered a lot of information, but seem to be spinning my wheels. I always end up in the “wrong place” despite trying different identifiers (one of which seems like it should work). I think I know what’s happening, but am not sure what I should be doing differently. Any thoughts?

@scarrenor said:
So I’ve spent a significant amount of time working with the “lower interface” and have gathered a lot of information, but seem to be spinning my wheels. I always end up in the “wrong place” despite trying different identifiers (one of which seems like it should work). I think I know what’s happening, but am not sure what I should be doing differently. Any thoughts?

Try fiddeling with the hostid parameter (you can get it via that lower interface).
Alternatively I think theres a flag like execute_on.

I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API

@samiux said:
Just want to understand why “GUI access disabled” is there? I do not know about Zabbix. Anyone can explain?

I’m guessing that the creator doesn’t want you to solve this through the gui. Or if you’re asking why zabbix has this feature, it can be used during maintenance for example.

@n1b1ru said:
I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API

As mentioned before in this thread, there is no need to login to the web page.

Well guest doesn’t allow me to interact with ****. I think the RCE is related with **** and the posibility to upload scripts. Anyway I cannot do it

Why am I suddenly able to user the admin password I used before ??? waouh , this mahcine is super weird

@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it

Spoiler Removed - Arrexel

@kienast said:
Why am I suddenly able to user the admin password I used before ??? waouh , this mahcine is super weird

If you are on free, perhaps because people keep messing with it.

@kienast said:
Why am I suddenly able to user the admin password I used before ??? waouh , this mahcine is super weird

because someone changed the config

I believe all the questions in this topic are going in a loop now - everything possible was already said. There are tons of hints for every possbile situation. Any issue or weirdness you see was already discussed.
Imo quite a few comments are already way too spoilery as well …

@avoidy said:

@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it

Find a valid login and generate an auth token.

A valid user for web page ??

I need some assistance with the A**,

Can someone PM me, I’d appreciate it.
I think my syntax needs a second opinion.

@PHunHouse said:
I need some assistance with the A**,

Can someone PM me, I’d appreciate it.
I think my syntax needs a second opinion.

If you’re still having problems with the A** you can PM me, but the z****x website has great documentation about it with nice examples.

@n1b1ru said:

@avoidy said:

@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it

Find a valid login and generate an auth token.

A valid user for web page ??

For the A** access…

@Phrenesis2k said:

@n1b1ru said:

@avoidy said:

@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it

Find a valid login and generate an auth token.

A valid user for web page ??

For the A** access…

ok. I tried it but with no success. Anyway A*** gave me just a valid user

Hey, I’have a reverse shell, but I think in th wrong place. Can some one PM me ? I just want know if I have to escape this place or try an “over place”

Anyone ever actually use that application. I am starting to look into it. Looks pretty awesome

This one was fun. Getting a good foothold was the hardest.

Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

@samiux said:
Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

Sure, send me a message.