Zipper

Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

@samiux said:
Anyone is willing to be PMed? I have some questions about the box. I do not familiar with Zabbix.

Sure, send me a message.

Hi, I am wondering how people managed to find the CMS, I tried using dirbuster, gobuster with using keywords generated with cewl from the initial page.

Thanks

Enjoyed the box. Thanks to the developer for creating it. More than enough hints to get this box. PM me if you need guidance.

For god! Stop resetting the box every 5mins…

Humans, please do not keep on resetting the server. It will not help. It is very annoying…

Anyways, got the root access, thanks to some nudge from @fjv @sajkox and @avoidy .

Hint for user: No need of using hashcat, it is just right infront of your eye, and resetting the server wont get you user.txt.
Hint for root: Again, something is just right in front of your eye…

Just rooted the box. Really fun priv esc.
Thanks for box :slight_smile:

So I have user, just struggling on priv esc, any hints please? All these resets are killing me

Any hint to have user?

Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

@marshy said:
Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

Sent you a PM :slight_smile:

also got r00t before us3r…?

Did anyone mange to use Zax exploits which are available via searchsploit? I tried to use them but all without success. So now I wrote custom python script to communicate with Zax AI and I’m trying to figure out (via Za**x documentation) how to send/execute script on server.

I finally got root. I learned a lot about the service running on this machine. It was not an easy one especially for user shell. I still think root is easier than user. Please feel free to PM if you need a hint.

Should i try to login into admin page or is there something else that i missed? I’m a bit new.
Edit: Got it

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

read this post in full - you will know

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

Try to guess at the begining, maybe the Guest user could give you kind words n.n

If it didn’t make sense, PM me :wink:

.

@evandrix said:
whoever is messing with the box and deleting /home/zapper entirely, pls stop

Are you sure that you are in the right place? :wink:

@f4d3 said:

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

Try to guess at the begining, maybe the Guest user could give you kind words n.n

If it didn’t make sense, PM me :wink:

i forgot to edit, i did it but i’m looking for scripts. This is very difficult for me. :slight_smile: