Zipper

Just rooted the box. Really fun priv esc.
Thanks for box :slight_smile:

So I have user, just struggling on priv esc, any hints please? All these resets are killing me

Any hint to have user?

Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

@marshy said:
Super stuck on this i have the GUI access disabled. account but from there i have no idea where to go… i have tried some exploits but when i try to do anything get this error “No permissions to referred object or it does not exist!”

Sent you a PM :slight_smile:

also got r00t before us3r…?

Did anyone mange to use Zax exploits which are available via searchsploit? I tried to use them but all without success. So now I wrote custom python script to communicate with Zax AI and I’m trying to figure out (via Za**x documentation) how to send/execute script on server.

I finally got root. I learned a lot about the service running on this machine. It was not an easy one especially for user shell. I still think root is easier than user. Please feel free to PM if you need a hint.

Should i try to login into admin page or is there something else that i missed? I’m a bit new.
Edit: Got it

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

read this post in full - you will know

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

Try to guess at the begining, maybe the Guest user could give you kind words n.n

If it didn’t make sense, PM me :wink:

.

@evandrix said:
whoever is messing with the box and deleting /home/zapper entirely, pls stop

Are you sure that you are in the right place? :wink:

@f4d3 said:

@Sixpon said:
Should i try to login into admin page or is there something else that i missed? I’m a bit new.

Try to guess at the begining, maybe the Guest user could give you kind words n.n

If it didn’t make sense, PM me :wink:

i forgot to edit, i did it but i’m looking for scripts. This is very difficult for me. :slight_smile:

.

Rooted. Cool box, I was waaaaaay overthinking the user.

Can somebody DM me the exploit used for initial foothold? I did it the “other” way.

for god’s sake please stop brute-forcing the login form! you don’t need it, you can just guess it with a bit of reading as guest user. you’re screwing up the machine for everyone else. please!

i got root. if u want to need help. pm me.

how on earth are you guys breaking out and finding creds for the user.txt… i’m losing my mind here

got it, thanks to @kimbilirkim for the final nudge. while the box was actually quite nice, it was also extremely unstable and as someone mentioned, having some other way to get the credentials for the initial foothold would be nice since people tend to absolutely hammer that machine with brute-force attacks, up to the point where it becomes totally unuseable. aside from that, i enjoyed the box.