Zipper

I have a command for the CLI but I’m getting an error. I’m sure I’m doing it right… Anyone want to PM and take a look at my command?

Still pushing through, can’t see how the magic file can be helpful to jump users… thanks @Baikuya for tips

Rooted :slight_smile:

Initial Foothold:

This track helped me a lot, after looking for another way to get access. As is common in several machines, this does not need brute force, and you do not need to be an expert in using the web application. Just look for something related to the name of the machine. It is possible that an interesting message leaves you stuck; look for another way to proceed… Search the documentation of the technology that the machine uses; it has interesting features for developers:

@Skunkfoot said:
if you do want to bruteforce it instead of doing it manually (even though doing it manually is easy and quick enough), create your own wordlist and use it for both fields. If you’re looking closely enough, you shouldn’t need more than 4 targeted entries…

Honestly, if you look closely enough, you’ll know it when you see it. You’ll see it and think, “hmm, that’s weird, looks like the creator of the box made a spelling error…”

Well he didn’t, it’s there intentionally, just like guest access is. Hope this helps, please remove if it’s too much of a spoiler.

User:

Here it is just a matter of using Google a bit to achieve the RCE. When you do, you will notice something strange when you enter: you will feel that you are not where you should be. Good advice: play with the documentation of the technology used by the machine and you will find the flag.

Root:

Everything you need is before your eyes and is not complex. Escalation is related to the way in which the machine searches for and executes certain binaries. Look for ways to cheat the system; there is an interesting binary to do it with. Maybe you will need the help of C++.

Can anyone answer if I missed something? Did many scans, found the login, logged in as guest and rooted around, found info on the next creds and logged in with those, messed around for a while, reset the machine, logged back in with those creds, and now I’m getting a “GUI disabled”. I thought the GUI was only disabled for admin/root?

NVM

Update: Got user, massive thanks to @Baikuya and @dReadB0t138 for tips - what a journey.

Need help with getting a user shell…or root :smiley: Got a shell but with the wrong user and I am stuck on trying to escalate it to the real user?! Please PM or hint me, thanks a lot!!

Finally user after over a week :frowning:

I see a S**D bit on a file which I think is the privesc method… any nudges on how to use this file??? I remember Ippsec did it on Bank but it seems different with this file

LOL thanks guys for pointing me in the right direction, I got user :smiley: It’s really so “in-front-of-you” I didn’t even think about using my finding to get to user. Have to stop overcomplicating stuff :wink: Now I am going for root…

Finally got root on Zipper…Thanks to @lnx and @mreiaz

On foothold:
Does anyone else get a positive hit on hydra but the login doesn’t work? I’ve never seen this before :confused: Sorry if stupid question

@alrightalright said:
On foothold:
Does anyone else get a positive hit on hydra but the login doesn’t work? I’ve never seen this before :confused: Sorry if stupid question

Not a stupid question, but it was asked already multiple times :slight_smile:
I won’t hand it to you, sorry - go back in this topic and you will find it

@sajkox said:

@alrightalright said:
On foothold:
Does anyone else get a positive hit on hydra but the login doesn’t work? I’ve never seen this before :confused: Sorry if stupid question

Not a stupid question, but it was asked already multiple times :slight_smile:
I won’t hand it to you, sorry - go back in this topic and you will find it

Right hahah, seeing now that hydra isn’t the way to go. I’ll guess some

Not what I meant though. I myself used hydra but it’s not required. I found the same thing you did; it’s progress and useful info. Read further…

Got the reverse shell. But not able to navigate to home or any folders. So any hints here appreciated. Thanks

@sesha569 said:
Got the reverse shell. But not able to navigate to home or any folders. So any hints here appreciated. Thanks

What user are you? As mentioned in this thread - the right place and user can see home folder. If you can’t - you are in the wrong place. Zabbix is quite specific…

I’m able to execute code both on server and agent, but unable to get a stable rev shell, due to timeout…
Also found a my**l credential, but unable to log in to the db from the server…

Any help?

Got this box, user can be a bit annoying (read the object doc), root is pretty easy! Thanks a lot to @Baikuya and @whipped for their help!

Root is easy… if you know the right technique. I didn’t - but looks like it is a handy one!!

Thanks to @J0rdan @samsepi0l and @dReadB0t138 for chat and working on this with me. Great box to learn a lot. And to learn how to learn…

Got root before user…

Those saying to just grab the key to get stable shell… at least in my case you’re not the right user to get the keys… so getting root was easier.