Posts

Showing posts from March, 2019

10 - HTB: Zipper

Image
Hack The Box: Zipper I do a fair amount of HTB, but it's not often I want to do a write up on a box.  Typically, this is because many of the boxes (not all, but I've noticed a lot) tend to have a lot of the typical CTF-y tropes.  Guess the creds, a hint here or there, a random share with a single file on it that has a single set of credentials for something you'll find by doing a zone transfer, or whatnot.
Now, there's nothing wrong with machines like those, they just don't really pique my interest and I usually get frustrated, as I'm trying to approach from a perspective of learning and practicing my skills vs. real-world targets.  I don't like tricky little 'Gotchas!' in HTB's-- it reminds me of movies that break the fourth wall.  Zipper wasn't one of those boxes.  It was quite good, and definitely more along the lines of realism due to the technologies in use.  A legitimate open-source application, Zabbix, a Docker install and a clever p…