@samiux said:
Just want to understand why “GUI access disabled” is there? I do not know about Zabbix. Anyone can explain?
I’m guessing that the creator doesn’t want you to solve this through the gui. Or if you’re asking why zabbix has this feature, it can be used during maintenance for example.
@n1b1ru said:
I need some right direction. Mad trying to get a valid user to enter to web page. On the other hand guest allows me to get some limited information with js** API
As mentioned before in this thread, there is no need to login to the web page.
@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it
Spoiler Removed - Arrexel
@kienast said:
Why am I suddenly able to user the admin password I used before ??? waouh , this mahcine is super weird
If you are on free, perhaps because people keep messing with it.
@kienast said:
Why am I suddenly able to user the admin password I used before ??? waouh , this mahcine is super weird
because someone changed the config
I believe all the questions in this topic are going in a loop now - everything possible was already said. There are tons of hints for every possbile situation. Any issue or weirdness you see was already discussed.
Imo quite a few comments are already way too spoilery as well …
@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it
@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it
@n1b1ru said:
Well guest doesn’t allow me to interact with API. I think the RCE is related with API and the posibility to upload scripts. Anyway I cannot do it
Find a valid login and generate an auth token.
A valid user for web page ??
For the A** access…
ok. I tried it but with no success. Anyway A*** gave me just a valid user
Hey, I’have a reverse shell, but I think in th wrong place. Can some one PM me ? I just want know if I have to escape this place or try an “over place”
Hi, I am wondering how people managed to find the CMS, I tried using dirbuster, gobuster with using keywords generated with cewl from the initial page.
Humans, please do not keep on resetting the server. It will not help. It is very annoying…
Anyways, got the root access, thanks to some nudge from @fjv@sajkox and @avoidy .
Hint for user: No need of using hashcat, it is just right infront of your eye, and resetting the server wont get you user.txt.
Hint for root: Again, something is just right in front of your eye…