Finally got root! Learned a bunch… thanks to @copt and @takeiteasy for the nudges
Any help on PM for sources on what to do after reversing the interesting file would be much appreciated. Kinda new to pentesting here.
Type your comment> @mannubb said:
Type your comment> @sherrymi said:
GUI deny access。what happen?i need help
If not gui, find the cli.
i can not find cli。my god。how to use 10500 port
Type your comment> @sherrymi said:
Type your comment> @mannubb said:
Type your comment> @sherrymi said: > GUI deny access。what happen?i need help If not gui, find the cli.
i can not find cli。my god。how to use 10500 port
Search za*****x-cli
Driving me nuts with the resets today
Type your comment> @mannubb said:
Type your comment> @sherrymi said:
Type your comment> @mannubb said:
Type your comment> @sherrymi said: > GUI deny access。what happen?i need help If not gui, find the cli.
i can not find cli。my god。how to use 10500 port
Search za*****x-cli
Thank you! i get user
Type your comment> @mannubb said:
Type your comment> @sherrymi said:
GUI deny access。what happen?i need help
If not gui, find the cli.
i need root?can u give me some help?
Type your comment> @sherrymi said:
Type your comment> @mannubb said:
Type your comment> @sherrymi said: > GUI deny access。what happen?i need help If not gui, find the cli.
i need root?can u give me some help?
Enumeration should identify the likely candidate.
Strings it.
Type your comment> @mannubb said:
Type your comment> @sherrymi said:
Type your comment> @mannubb said:
Type your comment> @sherrymi said: > GUI deny access。what happen?i need help If not gui, find the cli.
i need root?can u give me some help?
Enumeration should identify the likely candidate.
Strings it.
i am not understand。sorry
In the final step to root there is a command injection, however not letting pwn the box. Looks like a decoy and distraction -
In general the Box was very nice.
Is it just me, or does the box keep acting weird by not showing the user’s home directory?
Finally rooted after kicking myself repeatedly for amateur mistakes. Here’s my hints (Please PM me if there are spoilers, and I’ll edit.)
Initial: Don’t be content with the default wordlists during your initial enumeration, especially with dirb. Read every message you can find that can give you a way in. Go back to absolute basics when trying to determine passwords. Documentation is your friend. There may be more than one way to access and control a system.
User: Can’t find what you want? Are you sure you are in the right place?
“How would you know the difference between the dream world, and the real world?”
– Morpheus.
When you are in the real world, there’s no place like 127.0.0.1 for hints on elevated access.
Root: Stay where you are. Let the u**** be your puppet
I know I’m using a lot of cryptic messages, but as one of my previous posts was removed, I had to be slightly more vague.
Feel free to PM me for more concrete hints.
Hello guys,
After some struggle I was able to get a reverse shell using the exploit.But I’m logged in as “Zabbix” how to jump to “Zipper”.
Please PM me…help would be appreciated…thanks in advance !!!
Hey guys,
I managed to get a rev shell, currently working on the user and I am very stuck in what I presume to be a d***** e*********t. This may be an irrelevant rabbithole but if you have any resources that could point me in the right direction that would be much appreciated, cheers.
Type your comment> @deathflash1411 said:
Hello guys,
After some struggle I was able to get a reverse shell using the exploit.But I’m logged in as “Zabbix” how to jump to “Zipper”.
Please PM me…help would be appreciated…thanks in advance !!!
I’m in the same boat with @deathflash1411. Please PM me for a little kick
Type your comment> @Aoxomoxoa said:
Type your comment> @deathflash1411 said:
Hello guys,
After some struggle I was able to get a reverse shell using the exploit.But I’m logged in as “Zabbix” how to jump to “Zipper”.
Please PM me…help would be appreciated…thanks in advance !!!
I’m in the same boat with @deathflash1411. Please PM me for a little kick
Explore Zabbix Admin GUI
Could someone PM me a hint on initial foothold?
Can’t seem to a guess user/password from the webapp I have access to.
Can someone help me to get tty ?
I’ve been at this box for days now. I have a reverse shell but it’s in the “wrong place” I’m going crazy. I’d like to finish this box before it gets retired. Any small tip how to get to the “right place” would be greatly appreciated.