Zipper

1910121415

Comments

  • (10) Done in 3 days with some help
    Learned Totally new thing (privilege escalation using path variable) ๐Ÿ‘’

    ASHacker

  • Struggling to get a stable shell. Would appreciate a nudge ๐Ÿ˜…

  • edited January 2019

    @WillIWas said:
    Would love a nudge on user, I have a decent tty shell, but no user yet...

    Same here, could someone send me a nudge?
    I can see but can not read the flag.

  • got root!!! :)
    really cool box... i learned a really lot from it...
    root is really easier than user....
    pm me for hint.

  • edited January 2019

    Could someone send me a nudge on what to do after getting a stable shell? Can't see user.txt and know I need to go somewhere else but no idea what to do...

    Edit: got user, on to root!

  • Hi. I've got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk..:S

  • @sk41 said:
    Hi. I've got a reverse shell on Zipper. Can anybody PM me how to get user z*****? I got stuckkkk..:S

    I'm in the same boat. Got some mysql credentials but I guess that's just a dead end. Could someone send me a nudge?

  • Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.

    Am i in right path. Any hint.?

  • edited January 2019

    @cater1257 said:
    Hi Guys, I am stuck in the initial foothold. I see there is a default apache page in port 80. Tried enumearting with gobust but no luck.

    Am i in right path. Any hint.?

    What else did you get from your port scan? Maybe you will find more info doing a full port scan.

    Here is a very useful tip so you don't waste your time waiting for nmap:
    https://forum.hackthebox.eu/discussion/927/quick-port-scan-tip

  • There is port 10*** but cannot connect to it either.

  • Got shell to the right server but can't su to z****r because the password is not correct. Is it the same as the web service or is it different?

  • Got user and root here. Machine user was annoying. Nothing new learnt from here, maybe i learnt how to read beacuse of that documentation... On the countrary root was an interesting part where i learnt a lot. Not a bad machine at all.

  • Anyone so kind that will help me please??? I'm in stuck on initial foothold, I've found some stuff but still no credentials.
    Please PM me.

  • How to get a stable shell on z*****. once i connect it throws me out of it. any problem with it

  • Wow! Rooted, without user. Learn a new thing, thank you for this experience!! :)

  • Completed this machine if anyone need help feel free to pm :)
  • if u spend more then 30 min to get root ...i'm sure u will slap u'r face when u find-out :) just like i did ...nice box thanks

  • So I have a stable reverse shell - In the wrong place. I have API access through 3**37 and GUI access with super user privs.. Can create and run scripts, but I can't get the frickin things to execute in the right place. Any advice a depressing friday night like this? I reckon there is an issue with the h****d, but no matter how I fiddle, the outcome seem to be the same. =)

  • Hi, i have found an interesting s***pt related to priv. esc. I have followed what it does but i can't read any file. What should be done?

  • I know how to execute what i want over the J*** A**, but i cannot for the love of god find this spelling mistake everyone is talking about, that "gave up" the admin user creds.

  • edited January 2019

    nvm

  • edited January 2019

    Finally rooted. Lesson of the day is not to try and exploit a non-reverted machine. Creds to @burmat for this box - I really, really enjoyed it!

    Stuck? Feel free to PM for vague nudges. =)

  • edited January 2019

    Initial foothold was the hardest part of this machine.
    User took a while, but I tried something really basic and it worked. I was overthinking.

    Whilst trying to get user I found the root privesc way, I just couldn't do it. But then it took only a couple of minutes at most.

    Great machine overall!

    Initial Foothold:
    No bruteforce. Think smart. Take what you can with what you have. Something may look similar or like a typo, but it's not.

    User:
    There's something unusual running around. Check what it does, how it works, you may find useful information on your quest

    Root:
    There's really only one place that hints you about anything to do with root. Think smart about the possibilities that you have in hands. You may need to really understand the User step.

    If there are any spoilers please PM me and I'll quickly remove it. Thanks!

  • edited January 2019

    nvm got user

  • rooted, love this machine!

    dplastico
    OSCP-OSCE

  • I have a shell but not in the right place, can anyone pm me hints on getting to the 'right place'

  • @Jxsh said:
    I have a shell but not in the right place, can anyone pm me hints on getting to the 'right place'

    I am in the same place as JXSH , can somebody PM for hints ? Thanks in advance

    TheBandit

  • Done. Most challenging part for me was initial login to web app.

    OSCP

    Hack The Box

  • Any hints for a stable shell? If I still overthinking it'll die haha

  • Rooted, really good machine the priv esc taught me a lot.

Sign In to comment.