Zipper

Rooted this box. Privesc was much more easy then user for me. If anyone needs help feel free to PM me :slight_smile:

Rooted. Also took me much longer for user than for root.
At least the documentation is fantastic. Well worth the read for initial access.

Rooted. Thank you very much to @fjv @eRaMvn and @Baikuya

If you need help, let me know!

Any hints on privilege escalation
Cant figure out how to exploit za****-serv***

Analyze the binary and see how (specifically) the binary is executing its functions.

i got a funny shell but i cant cd into home

how can escape the shell that im currently in ? Help… PM please

@LordeDestro said:
how can escape the shell that im currently in ? Help… PM please

Sure Send message!

Could anyone give me a nudge in PM on the za*****-s******* thing?

is it possible to complete without gui?

Guys, I’m having issues with RCE, I can list scripts, modify them but when I try to execute them, I get error:“Application error.”,“data”:“No permissions to referred object or it does not exist!”

My script is ok because when somebody else executes it, I get reverse shell :slight_smile:

Edit: nevermind, found workaround…

rooted

Ok so this one was really interesting

Initial foothold - Again Enumerate fully, There is a service which will tell you what sort of server this is. Read the documentation about software to get in. Personally i think the hint in here about a “spelling mistake” is a bit of a rabbit hole, unless someone wants to tell me what this so called spelling mistake is ??

Don’t use hydra - just make a note of what you can see once you access the website. As someone mentioned before - its not very security savvy

Some things can be done without a GUI - and it makes life a lot easier. Also look at things that should never be enabled in a production release of this specific system

User :

Reset the box - I’ve had attempts where some fool reset the user password. Then just look at what is in front of you

Root:

I don’t want to string you along here but make sure you are on the right path when you see an interesting file

Admins - if you reckon this contains spoilers please edit / let me know

Feel free to contact for hints. (as per usual, show your enumeration so far and don’t expect walk-through’s)

Thank you 0xd1360b and J0rdan. Appreciate the nudges :slight_smile:

i have command for cli but im getting an error. im sure im doing it right… Anyone wants to PM and take look at my command ?

Still pushing through, can’t see how the magic file can be helpful to jump users… thanks @Baikuya for tips

Rooted :slight_smile:

Initial Foothold:

This track helped me a lot, after looking for another way of accerder, as is common in several machines this does not need Brute Force, you do not need to be an expert in using the web application, just look for something related to the name of the machine, it is possible that an interesting message leaves you stuck, looks for another way to follow… Search in the documentation of the technology that uses the machine, has interesting features for the developers:

@Skunkfoot said:
if you do want to bruteforce it instead of doing it manually (even though doing it manually is easy and quick enough), create your own wordlist and use it for both fields. If you’re looking closely enough, you shouldn’t need more than 4 targeted entries…

Honestly, if you look closely enough, you’ll know it when you see it. You’ll see it and think, “hmm, that’s weird, looks like the creator of the box made a spelling error…”

Well he didn’t, it’s there intentionally, just like guest access is. Hope this helps, please remove if it’s too much of a spoiler.

User:

Here is just using Google a bit to achieve the RCE, when you do you will notice something strange when you enter, you will feel that you are not where you should be, good advice: Play with the documentation of the technology used by the machine and you will find the flag

Root:

Everything you need before your eyes is not complex, escalation is related to the way in which the machine searches and executes certain binaries, looks for ways to cheat the system, there is an interesting binary to do it, maybe you need help of C ++

Can anyone answer if I missed something did many scan found login logged in as guest and rooted around found info on the next creds and logged in with those messed around for a while reset the machine logged back in with those creds now Im getting a GUI disabled I thought GUI was only disable for admin/root?

NVM

Update: Got user, massive thanks to @Baikuya and @dReadB0t138 for tips - what a journey.

Need help with getting a user shell…or root :smiley: Got a shell but with wrong user and i am stuck on trying to escalate it to the real user?! Please PN or hint me, thanks alot!!

Finally user after over a week :frowning: