Zipper

As a newbie, getting user was pretty simple & straight forward.

Hints for initial foothold & user:

  • Enumerate as guest login, find what is happening.
  • Read system documentation, it is handy.
  • Try changing some configurations.
  • Once you got in, see what is in front of you. Is there something hidden?
  • Got user? Congratz. [ Grab a check point that a lot of people mentioned here for easy access].

For root I must admit that I suffered for days. But reading here and there, Its pretty easy.

Hints for root:

  • Do not over complicate things. [ Like I did]
  • SimplePrivEsc shall guide you.
  • Enumerate what you see.
  • Google is your best friend to learn new things.

I hope this is not much of a spoiler. although all the points are mentioned in previous posts.

Special thanks to the creator. [Root Dance is fun]

Rooted

I just wanted to post and say how much I enjoyed this box and learned some really cool vulnerabilities and exploits about the service used as well as the method of priv esc. We need more boxes like this!!

Guys Could you please Stop Resetting this box …

Hi, i enumerated correct username and password, i installed z*****-cli and i can run some commands but i can not run any scripts. Is there are a way to bypass gui access or reset admin password?

Thanks.

@sesha569 said:
Added script in the GUI. But not able to find the place where execute that?
any hints? thanks.

Got user.txt
Now trying priv escalation to root.

Got root. Thanks for everyone who helped. Thanks for creator. this is a lovely box. Learnt a lot.

Now i can access GUI, i can run scripts to have shell. i find a b***.z file. Should i crack it or not? I am stuck at this point.

Hey there,
I have got the credentials for the Web GUI. I am really sure that I have to use a Script to get access via shell.
But I am completely stucked how to execute the scripts.
Please send me a hint via PM.
Thanks

When I go to the url, i am redirected to a***** default page. I cannot find login page.

Is there something wrong or missing. Any hint?

I am still inside the docker and i can’t access the real machine. Any hints related to it?

Give it a go and read up the Zion documentation, especially the part on Agent Smith and what it can do to the Matrix.

Great box! Rooted!

PM for hints!

Hack The Box

Struggling to get initial foothold but slowly getting there. I think I’ve found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially how to make it run only once (or better, on demand, just in case).
Gotta read more of the docs, that time period thingy isn’t getting me anywhere !

Cool box :slight_smile:

edit : just thinking aloud, really ; hope this doesn’t spoil too much !

edit : Nvm, got it !

edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder :slight_smile:

Feel free to PM if hints are needed !

rooted, fantastic box

Rooted.
Great challenge

i was SOOO close all the time, but it didn’t work.
after i took a short break i saw my mistake, feel free to ask in case of escalation trouble

Would love a nudge on user, I have a decent tty shell, but no user yet…

I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

@Virgula said:
I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

No need of exploit… Poke around make a list of keywords you see and try login with them.
I made a list with 5 words, doesnt need much…