@r3no said:
EDIT: someone was claiming that root is possible without getting user. I would love to learn how can that be accomplished if anyone was able to really do this.
I am late to the game but: the same privesc that works for the user to root works for the initial z**x shell as well.
@supercop89 said:
Anybody knows why the login isn’t possible anymore? i tried the enumerated user but every time “Login name or password is incorrect.” is shown. The same situation after box reset
No “gui access is disabled” or other stuff
Is there only the exploit possible?
you’re on the right way just find a way to get in. I am in but I am still looking where to put my shell or reuse some shell. I found script but I forgot where I found it someone has enabled the admin gui access that time lol
Hope this is not a spoiler for those stuck at the “GUI ACCESS DISABLED”, if admin login doesnt work after reset its because someone gave you a free pass by enabling GUI access to zapper for changed admin password…If you can’t guess the password for admin…there is a hint in “GUI ACCESS DISABLED” if GUI is disabled, what could be enable? Maybe CLI…
@inspek said:
Hope this is not a spoiler for those stuck at the “GUI ACCESS DISABLED”, if admin login doesnt work after reset its because someone gave you a free pass by enabling GUI access to zapper for changed admin password…If you can’t guess the password for admin…there is a hint in “GUI ACCESS DISABLED” if GUI is disabled, what could be enable? Maybe CLI…
Thanks for your help. WTF there was a username typo error when i made the login :/. The day before i used the correct user. Therefore it was not possible to get the “GUI Access message”
Anybode can help me which tool i can use to connect to the zabbix agent? zabbix sender?
@supercop89 said:
Anybody knows why the login isn’t possible anymore? i tried the enumerated user but every time “Login name or password is incorrect.” is shown. The same situation after box reset
No “gui access is disabled” or other stuff
Is there only the exploit possible?
you’re on the right way just find a way to get in. I am in but I am still looking where to put my shell or reuse some shell. I found script but I forgot where I found it someone has enabled the admin gui access that time lol
Thanks for your fast help. I know the port for the right way but don’t know which tool i have to use for the connection. Zabber is new for me and i don’t know if there is a default client for zabber in kali available.
Rooted but not quite clear how the privesc is working. I know what to do but would like some explanation. Can anyone pm me so I can ask a few questions how the privesc in this box is actually working?
I managed to create a user with GUI access, had got a stable reverse shell and proper hostname. IDK when I try to cat user.txt it gives permission error. When I try to use the new user in that exploit but it does not give me access while the old username and pwd only works. Any nudge/help. I am stuck.
Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I’ve had a few reverse shells that randomly spawn, but I’m having trouble figuring out what exactly is triggering them
This was the first box I got root without user first. I wonder if that’s by intention.
For those struggling with with stable rev shell: Play with the zabbix GUI after creating an own user. There’s more than bash or nc.
@Underworld said:
Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I’ve had a few reverse shells that randomly spawn, but I’m having trouble figuring out what exactly is triggering them
You should find out how to appear report , poke around in the web page you Will find some thing interesting