Zipper

@sesha569 said:
Added script in the GUI. But not able to find the place where execute that?
any hints? thanks.

Got user.txt
Now trying priv escalation to root.

Got root. Thanks for everyone who helped. Thanks for creator. this is a lovely box. Learnt a lot.

Now i can access GUI, i can run scripts to have shell. i find a b***.z file. Should i crack it or not? I am stuck at this point.

Hey there,
I have got the credentials for the Web GUI. I am really sure that I have to use a Script to get access via shell.
But I am completely stucked how to execute the scripts.
Please send me a hint via PM.
Thanks

When I go to the url, i am redirected to a***** default page. I cannot find login page.

Is there something wrong or missing. Any hint?

I am still inside the docker and i can’t access the real machine. Any hints related to it?

Give it a go and read up the Zion documentation, especially the part on Agent Smith and what it can do to the Matrix.

Great box! Rooted!

PM for hints!

Hack The Box

Struggling to get initial foothold but slowly getting there. I think I’ve found two different places I can run stuff to try and get a shell, but I guess I need to find out how to run stuff (probably depending on specific conditions), and especially how to make it run only once (or better, on demand, just in case).
Gotta read more of the docs, that time period thingy isn’t getting me anywhere !

Cool box :slight_smile:

edit : just thinking aloud, really ; hope this doesn’t spoil too much !

edit : Nvm, got it !

edit2 : Rooted ! User part was clearly the hardest, but thanks to @D3vnull for his help, by confirming a path I chose only to let it down prematurely. Sometimes, I just need to try harder :slight_smile:

Feel free to PM if hints are needed !

rooted, fantastic box

Rooted.
Great challenge

i was SOOO close all the time, but it didn’t work.
after i took a short break i saw my mistake, feel free to ask in case of escalation trouble

Would love a nudge on user, I have a decent tty shell, but no user yet…

I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

@Virgula said:
I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

No need of exploit… Poke around make a list of keywords you see and try login with them.
I made a list with 5 words, doesnt need much…

This was an excellent box, thank you @burmat !

I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!

@cbx said:
I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!

Maybe because sudo is not needed?

(10) Done in 3 days with some help
Learned Totally new thing (privilege escalation using path variable) ?