Zipper


Comments

  • Lost a lot of time on initial foothold and I can't say I learned anything new on that part. Remove if you consider this a spoiler. The hint regarding "a typo in a word while logged as Guest" refers to an unusual name compared to the machine's name. You can't miss it. Pay attention to "case sensitive" and you will know you got it right when a different message than "incorrect password" will be shown. The password for that unusual "typo" user is as simple as possible, so just guess it, no brute-force needed. Feel free to PM me for that part.

  • Got user. By far the best box I've done so far! Great work @burmat

    sanre

  • Added script in the GUI. But not able to find the place where execute that?
    any hints? thanks.

    sesha569

  • Any hints to initial foothold?
    Just got my syntax for hydra right - I think, but it outputs that all passwords are correct!!

    mitoOo

  • Anyone able to PM me I would be grateful. I have what looks like a successful exploit but can't find any documentation on the CLI. A point in the right direction would be appreciated :)

  • I got the reverse shell but for the z****, can't access anything. I think I am at the wrong place,
    if I am on the right track then please PM me. Need urgent help plzzzzzz.

  • > @CGonzalo said:
    > Rooted. Thank you very much to @fjv @eRaMvn and @Baikuya
    >
    > If you need help, let me know!

    please pm me i need urgent help

  • As a newbie, getting user was pretty simple & straight forward.

    Hints for initial foothold & user:

    • Enumerate as guest login, find what is happening.
    • Read system documentation, it is handy.
    • Try changing some configurations.
    • Once you got in, see what is in front of you. Is there something hidden?
    • Got user? Congratz. [ Grab a check point that a lot of people mentioned here for easy access].

    For root I must admit that I suffered for days. But reading here and there, it's pretty easy.

    Hints for root:

    • Do not over complicate things. [ Like I did]
    • SimplePrivEsc shall guide you.
    • Enumerate what you see.
    • Google is your best friend to learn new things.

    I hope this is not much of a spoiler, although all the points are mentioned in previous posts.

    Special thanks to the creator. [Root Dance is fun]

  • Rooted

    I just wanted to post and say how much I enjoyed this box and learned some really cool vulnerabilities and exploits about the service used as well as the method of priv esc. We need more boxes like this!!

  • Guys Could you please Stop Resetting this box ...

    mitoOo

  • Hi, I enumerated the correct username and password, I installed z*****-cli and I can run some commands but I cannot run any scripts. Is there a way to bypass GUI access or reset the admin password?

    Thanks.

  • > @sesha569 said:
    > Added script in the GUI. But not able to find the place where execute that?
    > any hints? thanks.

    Got user.txt
    Now trying priv escalation to root.

    sesha569

  • edited December 2018

    Got root. Thanks to everyone who helped. Thanks to the creator. This is a lovely box. Learnt a lot.

    sesha569

  • Now I can access the GUI, I can run scripts to have a shell. I found a b***.z file. Should I crack it or not? I am stuck at this point.

  • Hey there,
    I have got the credentials for the Web GUI. I am really sure that I have to use a script to get access via shell.
    But I am completely stuck on how to execute the scripts.
    Please send me a hint via PM.
    Thanks

  • When I go to the URL, I am redirected to the a***** default page. I cannot find the login page.

    Is there something wrong or missing? Any hint?

  • I am still inside the docker and I can't access the real machine. Any hints related to it?

  • Give it a go and read up the Zion documentation, especially the part on Agent Smith and what it can do to the Matrix.

    limbernie
    Write-ups | Discord - limbernie#0386

  • edited January 2019

    Great box! Rooted!

    PM for hints!

    Hack The Box
    -OSCP-

  • edited January 2019

    Struggling to get initial foothold but slowly getting there. I think I've found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially how to make it run only once (or better, on demand, just in case).
    Gotta read more of the docs, that time period thingy isn't getting me anywhere !

    Cool box :)

    edit : just thinking aloud, really ; hope this doesn't spoil too much !

  • edited January 2019

    edit : Nvm, got it !

    edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder :)

    Feel free to PM if hints are needed !

  • rooted, fantastic box

    Hack The Box

  • Rooted.
    Great challenge

    Bang0123

  • I was SOOO close all the time, but it didn't work.
    After I took a short break I saw my mistake, feel free to ask in case of escalation trouble

  • Would love a nudge on user, I have a decent tty shell, but no user yet...

    WillIWas

  • I'm at the initial foothold. Do I have to search for some real exploit with searchsploit to get creds or just look around?

  • cbx
    edited January 2019

    > @Virgula said:
    > I'm at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

    No need of exploit... Poke around, make a list of keywords you see and try login with them.
    I made a list with 5 words, doesn't need much...

  • This was an excellent box, thank you @burmat !

    Fibbot
    OSCP

  • cbx
    edited January 2019

    I'm able to execute scripts as admin but it says that can not find sudo command...
    Help?!

  • > @cbx said:
    > I'm able to execute scripts as admin but it says that can not find sudo command...
    > Help?!

    Maybe because sudo is not needed?

    limbernie
    Write-ups | Discord - limbernie#0386
