Zipper

Would love a nudge on user, I have a decent tty shell, but no user yet…

I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

@Virgula said:
I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?

No need of exploit… Poke around make a list of keywords you see and try login with them.
I made a list with 5 words, doesnt need much…

This was an excellent box, thank you @burmat !

I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!

@cbx said:
I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!

Maybe because sudo is not needed?

(10) Done in 3 days with some help
Learned Totally new thing (privilege escalation using path variable) ?

Struggling to get a stable shell. Would appreciate a nudge ?

@WillIWas said:
Would love a nudge on user, I have a decent tty shell, but no user yet…

Same here, could someone send me a nudge?
I can see but can not read the flag.

got root!!! :slight_smile:
really cool box… i learned a really lot from it…
root is really easier than user…
pm me for hint.

Could someone send me a nudge on what to do after getting a stable shell? Can’t see user.txt and know I need to go somewhere else but no idea what to do…

Edit: got user, on to root!

Hi. I’ve got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk…:S

@sk41 said:
Hi. I’ve got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk…:S

I’m in the same boat. Got some mysql credentials but I guess that’s just a dead end. Could someone send me a nudge?

Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.

Am i in right path. Any hint.?

@cater1257 said:
Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.

Am i in right path. Any hint.?

What else did you get from your port scan? Maybe you will find more info doing a full port scan.

Here is a very useful tip so you don’t waste your time waiting for nmap:

There is port 10*** but cannot connect to it either.

Got shell to the right server but can’t su to z****r because the password is not correct. Is it the same as the web service or is it different?

Got user and root here. Machine user was annoying. Nothing new learnt from here, maybe i learnt how to read beacuse of that documentation… On the countrary root was an interesting part where i learnt a lot. Not a bad machine at all.

Anyone so kind that will help me please??? I’m in stuck on initial foothold, I’ve found some stuff but still no credentials.
Please PM me.

How to get a stable shell on z*****. once i connect it throws me out of it. any problem with it