Zipper

Got user. By far the best box I’ve done so far! Great work @burmat

Added script in the GUI. But not able to find the place where execute that?
any hints? thanks.

any hints to initial foothiold ?
just got my syntax for hydra right -i think , but it outputs that all passwords are correct !!

Anyone able to PM me I would be grateful. I have what looks like a successful exploit but cant find any documetation on the CLI. A point in the right direction would be appreciated :slight_smile:

I got the reverse shell but for the z****, can’t access anything. I think i am at wrong place ,
if i am on right track then please PM me. Need urgent help plzzzzzz.

@CGonzalo said:
Rooted. Thank you very much to @fjv @eRaMvn and @Baikuya

If you need help, let me know!

please pm me i need urgent help

As a newbie, getting user was pretty simple & straight forward.

Hints for initial foothold & user:

  • Enumerate as guest login, find what is happening.
  • Read system documentation, it is handy.
  • Try changing some configurations.
  • Once you got in, see what is in front of you. Is there something hidden?
  • Got user? Congratz. [ Grab a check point that a lot of people mentioned here for easy access].

For root I must admit that I suffered for days. But reading here and there, Its pretty easy.

Hints for root:

  • Do not over complicate things. [ Like I did]
  • SimplePrivEsc shall guide you.
  • Enumerate what you see.
  • Google is your best friend to learn new things.

I hope this is not much of a spoiler. although all the points are mentioned in previous posts.

Special thanks to the creator. [Root Dance is fun]

Rooted

I just wanted to post and say how much I enjoyed this box and learned some really cool vulnerabilities and exploits about the service used as well as the method of priv esc. We need more boxes like this!!

Guys Could you please Stop Resetting this box …

Hi, i enumerated correct username and password, i installed z*****-cli and i can run some commands but i can not run any scripts. Is there are a way to bypass gui access or reset admin password?

Thanks.

@sesha569 said:
Added script in the GUI. But not able to find the place where execute that?
any hints? thanks.

Got user.txt
Now trying priv escalation to root.

Got root. Thanks for everyone who helped. Thanks for creator. this is a lovely box. Learnt a lot.

Now i can access GUI, i can run scripts to have shell. i find a b***.z file. Should i crack it or not? I am stuck at this point.

Hey there,
I have got the credentials for the Web GUI. I am really sure that I have to use a Script to get access via shell.
But I am completely stucked how to execute the scripts.
Please send me a hint via PM.
Thanks

When I go to the url, i am redirected to a***** default page. I cannot find login page.

Is there something wrong or missing. Any hint?

I am still inside the docker and i can’t access the real machine. Any hints related to it?

Give it a go and read up the Zion documentation, especially the part on Agent Smith and what it can do to the Matrix.

Great box! Rooted!

PM for hints!

Hack The Box

Struggling to get initial foothold but slowly getting there. I think I’ve found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially how to make it run only once (or better, on demand, just in case).
Gotta read more of the docs, that time period thingy isn’t getting me anywhere !

Cool box :slight_smile:

edit : just thinking aloud, really ; hope this doesn’t spoil too much !

edit : Nvm, got it !

edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder :slight_smile:

Feel free to PM if hints are needed !