Zab

Overview

---

• 1-Recon
  • Zab_Recon
• 2-Enumeration

  • attachments

  • Zab_Web_80

  • Zab_Web_6789

• 3-Exploitation

  • attachments

  • Zab_CVE-2025-2129

  • Zab_Exploitation

• 4-Post_Enumeration

  • attachments

  • Zab_Automated

  • Zab_Initial_Foothold_UNIX

  • Zab_PSPY

  • Zab_sudo_privileges_zabbix

  • Zab_Zabbix

• 5-Privilege_Escalation

  • attachments

  • Zab_Lateral_Movement_zabbix

  • Zab_Privilege_Escalation

Target

---

192.168.239.210

Credentials

---

• zabbix:breadandbuttereater121(db)
• Admin:dinosaur(web)

Note

---

• Do not overly rely on public exploits
  • Instead, learn it by reading the documentation of the target software
    • Zabbix Scripts Execution could easily be identified if paid enough attention to the web UI
    • Because it was accessible all along under the Alerts section
    • Zabbix Scripts Execution via API is still likely feasible but more research is required