I just wanted to post and say how much I enjoyed this box and learned some really cool vulnerabilities and exploits about the service used as well as the method of priv esc. We need more boxes like this!!
Hi, i enumerated correct username and password, i installed z*****-cli and i can run some commands but i can not run any scripts. Is there are a way to bypass gui access or reset admin password?
Hey there,
I have got the credentials for the Web GUI. I am really sure that I have to use a Script to get access via shell.
But I am completely stucked how to execute the scripts.
Please send me a hint via PM.
Thanks
Struggling to get initial foothold but slowly getting there. I think I’ve found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially how to make it run only once (or better, on demand, just in case).
Gotta read more of the docs, that time period thingy isn’t getting me anywhere !
Cool box
edit : just thinking aloud, really ; hope this doesn’t spoil too much !
edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder