Zipper

@32x0LF said:

@supercop89 said:
Anybody knows why the login isn’t possible anymore? i tried the enumerated user but every time “Login name or password is incorrect.” is shown. The same situation after box reset :confused:

No “gui access is disabled” or other stuff :disappointed:

Is there only the exploit possible?

you’re on the right way just find a way to get in. I am in but I am still looking where to put my shell or reuse some shell. I found script but I forgot where I found it someone has enabled the admin gui access that time lol

Thanks for your fast help. I know the port for the right way but don’t know which tool i have to use for the connection. Zabber is new for me and i don’t know if there is a default client for zabber in kali available.

Rooted but not quite clear how the privesc is working. I know what to do but would like some explanation. Can anyone pm me so I can ask a few questions how the privesc in this box is actually working?

I managed to create a user with GUI access, had got a stable reverse shell and proper hostname. IDK when I try to cat user.txt it gives permission error. When I try to use the new user in that exploit but it does not give me access while the old username and pwd only works. Any nudge/help. I am stuck.

Rooted :smile: This was a good box. Getting user was interesting and struggle for maintaining the shell is real.
Pm for hints if needed. :innocent:

Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I’ve had a few reverse shells that randomly spawn, but I’m having trouble figuring out what exactly is triggering them

I got reverse Shell, but when i checked eth0 has IP 172.x.x.x not 10.10.10.109, am i lost? Need nudge

Fun box. Rooted, but didn’t get the z****r user first… I’m curious about the other ways to get in. PM me if ya wanna trade notes.

Hi, could someone please PM about how to get a proper TTY. Thanks!

This was the first box I got root without user first. I wonder if that’s by intention.
For those struggling with with stable rev shell: Play with the zabbix GUI after creating an own user. There’s more than bash or nc.

Spoiler Removed - egre55

Hmm why all version python is not working for get a stabile shell …not just this method dont work :angry:

@T3jv1l said:
Hmm why all version python is not working for get a stabile shell …not just this method dont work :angry:

Use /us*/bn/pth*n3

Got user flag, fighting for privesc, i wonder some body can give me nudge

@Underworld said:
Figuring out how to wire up the Za**i* software to give me a reverse shell is PISSING ME OFF lol. I’ve had a few reverse shells that randomly spawn, but I’m having trouble figuring out what exactly is triggering them

You should find out how to appear report , poke around in the web page you Will find some thing interesting

Got past there, now onto ROOT!

@banteng999 yep , i try this ,but in final i used meterpreter for stabile shell …but i hate to use msfconsole for box

To get a stable shell on the box… consider some other ways you might be permitted to run commands on Linux.

ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid’s , I get the same doc**r container host. Anyone fancy PMing me?

Edit: NM, figured it out. Now to try and get a stable reverse shell

@whipped said:
ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid’s , I get the same doc**r container host. Anyone fancy PMing me?

Edit: NM, figured it out. Now to try and get a stable reverse shell

what did you figure out about this? Im in exactly the same boat.

I got the user aceess, but no permission to access user.txt.
I found the way some services are runnid with S**D . but unable to exploit that .
Need some hint on that