caueb
January 11, 2019, 1:50am
328
@Virgula said:
I’m at the initial foothold, Have i to search some real exploit with searchsploit to get creds or just watching around?
No need of exploit… Poke around make a list of keywords you see and try login with them.
I made a list with 5 words, doesnt need much…
fibbot
January 11, 2019, 2:19am
329
This was an excellent box, thank you @burmat !
caueb
January 11, 2019, 4:02am
330
I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!
@cbx said:
I’m able to execute scripts as admin but it says that can not find sudo command…
Help?!
Maybe because sudo
is not needed?
(10) Done in 3 days with some help
Learned Totally new thing (privilege escalation using path variable) ?
Struggling to get a stable shell. Would appreciate a nudge ?
caueb
January 12, 2019, 5:02am
334
@WillIWas said:
Would love a nudge on user, I have a decent tty shell, but no user yet…
Same here, could someone send me a nudge?
I can see but can not read the flag.
got root!!!
really cool box… i learned a really lot from it…
root is really easier than user…
pm me for hint.
Could someone send me a nudge on what to do after getting a stable shell? Can’t see user.txt and know I need to go somewhere else but no idea what to do…
Edit: got user, on to root!
sk41
January 14, 2019, 5:22pm
337
Hi. I’ve got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk…:S
@sk41 said:
Hi. I’ve got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk…:S
I’m in the same boat. Got some mysql credentials but I guess that’s just a dead end. Could someone send me a nudge?
Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.
Am i in right path. Any hint.?
caueb
January 15, 2019, 12:02pm
340
@cater1257 said:
Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.
Am i in right path. Any hint.?
What else did you get from your port scan? Maybe you will find more info doing a full port scan.
Here is a very useful tip so you don’t waste your time waiting for nmap:
I see too many people using a full nmap scan on release day which takes ages. Often times first blood is claimed by the pros while people still have scans running. Using masscan, you can scan all TCP and UDP ports in roughly 2-3 minutes. masscan...
Reading time: 1 mins 🕑
Likes: 2 ❤
There is port 10*** but cannot connect to it either.
Got shell to the right server but can’t su to z****r because the password is not correct. Is it the same as the web service or is it different?
Virgula
January 16, 2019, 8:16pm
343
Got user and root here. Machine user was annoying. Nothing new learnt from here, maybe i learnt how to read beacuse of that documentation… On the countrary root was an interesting part where i learnt a lot. Not a bad machine at all.
Anyone so kind that will help me please??? I’m in stuck on initial foothold, I’ve found some stuff but still no credentials.
Please PM me.
How to get a stable shell on z*****. once i connect it throws me out of it. any problem with it
sk41
January 18, 2019, 7:04pm
346
Wow! Rooted, without user. Learn a new thing, thank you for this experience!!
zz123
January 18, 2019, 10:15pm
347
Completed this machine if anyone need help feel free to pm