Zipper

Hey, I’have a reverse shell, but I think in th wrong place. Can some one PM me ? I just want know if I have to escape this place or try an “over place”

Anyone ever actually use that application. I am starting to look into it. Looks pretty awesome

This one was fun. Getting a good foothold was the hardest.

Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

@samiux said:
Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

Sure, send me a message.

Hi, I am wondering how people managed to find the CMS, I tried using dirbuster, gobuster with using keywords generated with cewl from the initial page.

Thanks

Enjoyed the box. Thanks to the developer for creating it. More than enough hints to get this box. PM me if you need guidance.

For god! Stop resetting the box every 5mins…

Humans, please do not keep on resetting the server. It will not help. It is very annoying…

Anyways, got the root access, thanks to some nudge from @fjv @sajkox and @avoidy .

Hint for user: No need of using hashcat, it is just right infront of your eye, and resetting the server wont get you user.txt.
Hint for root: Again, something is just right in front of your eye…

Just rooted the box. Really fun priv esc.
Thanks for box :slight_smile:

So I have user, just struggling on priv esc, any hints please? All these resets are killing me

Any hint to have user?

Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

@marshy said:
Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

Sent you a PM :slight_smile:

also got r00t before us3r…?

Did anyone mange to use Zax exploits which are available via searchsploit? I tried to use them but all without success. So now I wrote custom python script to communicate with Zax AI and I’m trying to figure out (via Za**x documentation) how to send/execute script on server.

I finally got root. I learned a lot about the service running on this machine. It was not an easy one especially for user shell. I still think root is easier than user. Please feel free to PM if you need a hint.

Should i try to login into admin page or is there something else that i missed? I’m a bit new.
Edit: Got it

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

read this post in full - you will know

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

Try to guess at the begining, maybe the Guest user could give you kind words n.n

If it didn’t make sense, PM me :wink: