Zipper

@whipped said:

@Djinn45SQL99 said:
I need a nudge on getting out of this docker container situation… 2 days now with no dice. Im in the “wrong” place and can’t get my shell to execute on “server” instead of “agent”. I can add a script in the GUI but no idea how to get it to execute

If you’re in the GUI, and you can create a script then it should be right in front of you. Take a look at each of the options you have when creating a script

yes I see the option but I fail to understand how to make it execute once it’s made. Trigger?

if you were able to get inside using GUI then you can do it also to get the script run. Think how you get inside and it’s the same thing with executing the script the only difference is the parameters hope this helps

–removed–

–removed–

I have found the username and password but am struggling how to log in as the GUI won’t let me and other tools in Metasploit don’t seem to work either. Could someone PM me a hint of what tool I need? Thanks

Thanks Got Root and user

Can someone please PM about root?

can some one pm me a nudge on making my reverse shell stable?

Anybody willing to help me?
I am at the login right now, used c**l to gather all the words it could find. Made wordlists out of those and then used Hydra… but… there wasn’t a single valid combination…

If anyone is struggling, feel free to PM me.

@whipped said:
ok, this is doing my head in. The Zaix A shows two hosts, but if i execute commands on either of the hostid’s , I get the same doc**r container host. Anyone fancy PMing me?

I am on the same boat as you were. Can you PM me a hint how you did it??
I got it. thx @banteng999 now onto user
if anyone has the same problem, pm me

EDIT: Got root. Thx to everybody who helped me and if anybody needs a nudge, PM me

Haha! It is fun interacting with this stuff but I’m still trying to access user.txt using the credential I found on its website but every time I run the command, it always return Permission Denied. I also managed to create an admin account but cannot find a way to connect it to host. Did I missed something? I’m already inside zabbix eh :confused: but cannot cat user.txt :frowning:

can someone give me a pm? I need some help on the initial stages with the zab * cl *

@mannivw said:
I’m obviously missing something, only 2 ports open and port 80 is default apache page. Everyone talking zabbix, I see nothing.

Maybe you need to widen your search

Thx for this box!!! is more dificult get into the box than privesc

Tips:

  • User: The user is in your face (Don’t need brute nothing). All you need is in the documentation. You don’t need exploits
  • Root: Spoiler Removed - egre55

Someone so kind I could do a pm I would need a guide on how to handle the script part, I managed to activate the gui of the 'user I found and read the bees, but not having experience I do not know how to proceed, + respect for the help

the only thing I have in my hand is an exploit that uses the jso * method and gives me a shell but always on zabbix

Rooted this box. Privesc was much more easy then user for me. If anyone needs help feel free to PM me :slight_smile:

Rooted. Also took me much longer for user than for root.
At least the documentation is fantastic. Well worth the read for initial access.

Rooted. Thank you very much to @fjv @eRaMvn and @Baikuya

If you need help, let me know!

Any hints on privilege escalation
Cant figure out how to exploit za****-serv***