NIbbles

11314161819

Comments

  • @cExplr said:
    > @trodix said:
    > I'v tried everything, can't find user/pass for the admin page. I've been on it for four hours.. and I've read so many posts..
    >
    > I've used cewl to generate a wordlist from the blog page and the login page.. Can I have some help please?

    Dont over think this. This has very weak combinations. Username wise think of the most common username like the usual defaults. Password wise think about it since it is weak. What does it mean by very weak?

    Found it !

  • if someone needs any help pm me

    stevv

  • @stevv said:
    if someone needs any help pm me

    I got user just struggling to get root. I used the exploit to get user but need help on root. Having trouble privesc and need some pointers

  • OK so no DH , but can we not reset the machine every 5 minutes? Some of us (me) are either slow typers or have slow connection. I just get ready to get a shell or try and the connection is reset

  • Finally got root!!!!! Ya so I might be smacking my forehead!!

  • @cExplr said:
    > @trodix said:
    > I'v tried everything, can't find user/pass for the admin page. I've been on it for four hours.. and I've read so many posts..
    >
    > I've used cewl to generate a wordlist from the blog page and the login page.. Can I have some help please?

    Dont over think this. This has very weak combinations. Username wise think of the most common username like the usual defaults. Password wise think about it since it is weak. What does it mean by very weak?

    P.m me plz to help a bit!

  • can someone pm me login credentials, i cant find it. tried cewl etc.

  • Machine rooted!!, very interesting one

    S3cr3tSDN
    Solve All or Die Trying

  • sooooo Im looking at the directories and I dont know what to do any hints on what I should do next?

    FrostMorn21

  • Anyone need hits (not answer), just PM me. :lol:

  • @imaginarybit said:
    Anyone need hits (not answer), just PM me. :lol:

    PMd!

  • I've found the appropriate file (XXXXXXX.sh) just dont know how to get priv esc from it. helppppppppppp please.

  • can anyone help me about notes.txt and hype_key . i couldnt understand what that means

  • nibbleblog default credentials isnt working for me

  • edited June 2018

    So I can not spawn a TTY shell and keep getting errors when I run sudo command.
    I have tried every Spawning method on several sites.

    when I try to spawn a TTY

    can't access TTY job control turned off

    When I run sudo: (i assume because i dont have TTY)

    : unable to resolve host Nibbles: Connection timed out
    no tty present and no askpass program specified

    Im at the very end. Going on my third day and just cant get this .sh file to play nicely.

  • What an emotional few days ha. But I finally have root access. If anyone needs help please ask. Thanks to all who gave me some hints

  • I have tty full interactive but still can't get root. any help?

  • A first ctf and linux noob got root.

    me: I AM A GOOOOOD!!!!!

    wife: Get your ass out here and help me bring in the groceries!

  • @bore1971 said:
    A first ctf and linux noob got root.

    me: I AM A GOOOOOD!!!!!

    wife: Get your ass out here and help me bring in the groceries!

    PM me need your help on the root flag

  • I could use some help in just getting the Nibbleblog credentials. I'm definitely overthinking them and getting blacklisted a lot.

  • @AikiGage said:
    I could use some help in just getting the Nibbleblog credentials. I'm definitely overthinking them and getting blacklisted a lot.

    The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

  • @TheRealHooz said:

    @AikiGage said:
    I could use some help in just getting the Nibbleblog credentials. I'm definitely overthinking them and getting blacklisted a lot.

    The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

    Got it! Thanks all!

  • Second box and just got root, feel free to PM if you need help :)

    melka

  • edited June 2018

    OMG! people keep changing the default creds!!!

    @mrb3n you should disable the functionality. It's useless and annoying

    dodo

  • so found the directory and probably the "login page" but I really dont know if it Is and if it is I keep getting black listed any hints?

    FrostMorn21

  • got root, nice box ;)

    L0s3r

  • @Aijaz said:

    @Aijaz said:
    Hi, I am new on the HTB.

    I have logged in to the admin panel and trying to upload the shell, but I am not getting any reverse connection. I have opened ports on my router also, but still I am not getting any reverse connection. I have tried 3-4 different payload but still nothing. Can some give me a hint.

    Never Mind...I have got the access....it was a silly mistake from my side...now for user.txt

    EDIT 1 :- Got the user.txt......on to root flag...I have no idea on how to process further,am stuck. Can some help me.

    Finally got the root flag...

  • got ROOT

  • Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don't know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?

  • @Wiamly said:
    Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don't know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?

    Credentials are really just staring at you, dirbuster can give you the username (but it's obvious), password is just right there

    melka

Sign In to comment.