Nibbles

The fact that there is no single post about Nibbles makes me feel even more stupid but whatever .. I need help
I kind of know what the vulnerability is but can't find login details for the blog
Can anyone point me in the right direction please?
thanks

Comments

  • This machine retired Blue. It's very easy to get user. Try not to overthink and get a "default" point of view.

  • @TheCanisLupus said:
    The fact that there is no single post about Nibbles makes me feel even more stupid but whatever .. I need help
    I kind of know what the vulnerability is but can't find login details for the blog
    Can anyone point me in the right direction please?
    thanks

    Omg, spoken my words.

  • Any hints on root ?

  • Please give some hint on Nibbles root?

  • do something simple, with something provided to you, to access root.txt

    fhlipZero

  • Just enumerate the system as always... u can see those methods on some ippsec videos..

    RevangelyonX

  • Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

  • @hartkon said:
    Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

    reset machine and try again ... ;)

    Agent22

  • @hartkon said:
    Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

    Did a reset fix your issue, because the same thing happened to me. I got the password, now it's not working even after a reset

  • Hi guys. I know the vulnerability etc. but tbh I can't find the "obvious" credentials as you refer to not "overthink" here.. pls god I just need this small piece of info :( any hints here?

  • edited January 2018

    @larry said:
    Hi guys. I know the vulnerability etc. but tbh I can't find the "obvious" credentials as you refer to not "overthink" here.. pls god I just need this small piece of info :( any hints here?

    If you have found the login page and know what its for, you will figure it out.

    As for root, run linenum.sh (as you should always do anyways) and the rest is as easy as making lemonade...wait...I take that back. It's MUCH easier than making lemonade.

    lowpriv

  • Well, I have found the login page and I already tried several creds.. not overthinking made me google, but I didn't find any defs.. I checked the requests for stuff, nothing..

    I know as soon as I have the creds it's a piece of cake.. :(

  • unfortunately there are no default creds to try. I found it difficult because of something I did wrong. Having said that once I found it, I had to slap myself for missing it. Instead of "Try Harder" it should be "Try Easier" - sometimes we overcomplicate the problem cause it can't be that easy...

  • All I tried to get the password ends up in the blacklist....

    peek

  • edited January 2018

    @peek said:
    All I tried to get the password ends up in the blacklist....

    same problem here.. Don't know how to "Try Easier" yet.. pfff

    Hack The Box

  • I found it finally, it was in front of me.

    peek

  • @peek any hint?
    I am fed up with this msg "Nibbleblog security error - Blacklist protection" and went through all files on the server and GitHub

  • I think I have found all I need, but I need a hand to use this! Can someone help me?

  • Finally got user and root :)

    Hack The Box

  • I've done harder machines than this, I know it, but I can't seem to get past the first steps on this either, can someone PM me a hint so I can facepalm hard?

  • @fhlipZero said:
    do something simple, with something provided to you, to access root.txt

    Please give one more hint.

  • @agnarus said:
    @peek any hint?
    I am fed up with this msg "Nibbleblog security error - Blacklist protection" and went through all files on the server and GitHub

    I did the same, I went through all and everything >.< heeeelp pls

  • edited January 2018

    @larry said:

    @agnarus said:
    @peek any hint?
    I am fed up with this msg "Nibbleblog security error - Blacklist protection" and went through all files on the server and GitHub

    I did the same, I went through all and everything >.< heeeelp pls

    hint: guest it.

  • @Farmer789 said:

    @fhlipZero said:
    do something simple, with something provided to you, to access root.txt

    Please give one more hint.

    some files may have permission to execute

  • At first I was stuck on the first "default" thingy, I even checked "seclist github" for it. Guys, the thing you are looking for is not something in the world's defaults, but here in hackthebox.

  • I confess, I gained access to the admin page, but I don't know how to get access to root or user.txt. Some tips?

  • @Skullsec said:
    I confess, I gained access to the admin page, but I don't know how to get access to root or user.txt. Some tips?

    We can't answer without spoiling

    peek

  • I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

  • @mercwri said:
    I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

    In HTB, the names of the machines always mean something...

  • aaaaaaaaaaaaaaaah... got it
