Zipper

1568101115

Comments

  • edited November 2018
    .
  • edited November 2018

    @evandrix said:
    whoever is messing with the box and deleting /home/zapper entirely, pls stop

    Are you sure that you are in the right place? :wink:

    Draco123

  • @f4d3 said:

    @Sixpon said:
    Should i try to login into admin page or is there something else that i missed? I'm a bit new.

    Try to guess at the begining, maybe the Guest user could give you kind words n.n

    If it didn't make sense, PM me ;)

    i forgot to edit, i did it but i'm looking for scripts. This is very difficult for me. :)

    Hack The Box

  • edited November 2018

    .

  • Rooted. Cool box, I was waaaaaay overthinking the user.

    Can somebody DM me the exploit used for initial foothold? I did it the "other" way.

  • for god's sake please stop brute-forcing the login form! you don't need it, you can just guess it with a bit of reading as guest user. you're screwing up the machine for everyone else. please!

  • i got root. if u want to need help. pm me.

  • how on earth are you guys breaking out and finding creds for the user.txt.... i'm losing my mind here

  • got it, thanks to @kimbilirkim for the final nudge. while the box was actually quite nice, it was also extremely unstable and as someone mentioned, having some other way to get the credentials for the initial foothold would be nice since people tend to absolutely hammer that machine with brute-force attacks, up to the point where it becomes totally unuseable. aside from that, i enjoyed the box.

  • edited November 2018

    Anybody knows why the login isn't possible anymore? i tried the enumerated user but every time "Login name or password is incorrect." is shown. The same situation after box reset :/

    No "gui access is disabled" or other stuff :disappointed:

    Is there only the exploit possible?

  • jkrjkr
    edited November 2018

    @r3no said:
    EDIT: someone was claiming that root is possible without getting user. I would love to learn how can that be accomplished if anyone was able to really do this.

    I am late to the game but: the same privesc that works for the user to root works for the initial z**x shell as well.

  • @supercop89 said:
    Anybody knows why the login isn't possible anymore? i tried the enumerated user but every time "Login name or password is incorrect." is shown. The same situation after box reset :/

    No "gui access is disabled" or other stuff :disappointed:

    Is there only the exploit possible?

    you're on the right way just find a way to get in. I am in but I am still looking where to put my shell or reuse some shell. I found script but I forgot where I found it someone has enabled the admin gui access that time lol

    32x0LF

  • This is a good excercise for your hand and your hair for beginners like me. :)

    32x0LF

  • Hope this is not a spoiler for those stuck at the "GUI ACCESS DISABLED", if admin login doesnt work after reset its because someone gave you a free pass by enabling GUI access to zapper for changed admin password...If you can't guess the password for admin.....there is a hint in "GUI ACCESS DISABLED" if GUI is disabled, what could be enable? Maybe CLI....

    inspek

  • @inspek said:
    Hope this is not a spoiler for those stuck at the "GUI ACCESS DISABLED", if admin login doesnt work after reset its because someone gave you a free pass by enabling GUI access to zapper for changed admin password...If you can't guess the password for admin.....there is a hint in "GUI ACCESS DISABLED" if GUI is disabled, what could be enable? Maybe CLI....

    Thanks for your help. WTF there was a username typo error when i made the login :/. The day before i used the correct user. Therefore it was not possible to get the "GUI Access message" ;)

    Anybode can help me which tool i can use to connect to the zabbix agent? zabbix sender?

  • @32x0LF said:

    @supercop89 said:
    Anybody knows why the login isn't possible anymore? i tried the enumerated user but every time "Login name or password is incorrect." is shown. The same situation after box reset :/

    No "gui access is disabled" or other stuff :disappointed:

    Is there only the exploit possible?

    you're on the right way just find a way to get in. I am in but I am still looking where to put my shell or reuse some shell. I found script but I forgot where I found it someone has enabled the admin gui access that time lol

    Thanks for your fast help. I know the port for the right way but don't know which tool i have to use for the connection. Zabber is new for me and i don't know if there is a default client for zabber in kali available.

  • edited November 2018

    Rooted but not quite clear how the privesc is working. I know what to do but would like some explanation. Can anyone pm me so I can ask a few questions how the privesc in this box is actually working?

  • I managed to create a user with GUI access, had got a stable reverse shell and proper hostname. IDK when I try to cat user.txt it gives permission error. When I try to use the new user in that exploit but it does not give me access while the old username and pwd only works. Any nudge/help. I am stuck.

  • Rooted :smile: This was a good box. Getting user was interesting and struggle for maintaining the shell is real.
    Pm for hints if needed. :innocent:

    Draco123

  • Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I've had a few reverse shells that randomly spawn, but I'm having trouble figuring out what exactly is triggering them

    Hack The Box

  • I got reverse Shell, but when i checked eth0 has IP 172.x.x.x not 10.10.10.109, am i lost? Need nudge

    banteng999

  • Fun box. Rooted, but didn't get the z****r user first... I'm curious about the other ways to get in. PM me if ya wanna trade notes.

  • Hi, could someone please PM about how to get a proper TTY. Thanks!

  • This was the first box I got root without user first. I wonder if that's by intention.
    For those struggling with with stable rev shell: Play with the zabbix GUI after creating an own user. There's more than bash or nc.

  • edited November 2018

    Spoiler Removed - egre55

    banteng999

  • edited November 2018

    Hmm why all version python is not working for get a stabile shell .....not just this method dont work :angry:

  • > @T3jv1l said:
    > Hmm why all version python is not working for get a stabile shell .....not just this method dont work :angry:

    Use /us*/b*n/p*th*n3

    banteng999

  • Got user flag, fighting for privesc, i wonder some body can give me nudge

    banteng999

  • > @Underworld said:
    > Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I've had a few reverse shells that randomly spawn, but I'm having trouble figuring out what exactly is triggering them

    You should find out how to appear report , poke around in the web page you Will find some thing interesting

    banteng999

  • Got past there, now onto ROOT!

    Hack The Box

Sign In to comment.