NIbbles

11314151618

Comments

  • owned the user but i am unable to get the root..any hints..?

  • I feel like I'm a step away from getting the root.txt, but I'm just missing a crucial step with the *****.sh file.

    Can someone PM me?

  • I found the login page and the username,but i cannot get the password.Give me a hint,thank you!
  • I have been struggling to "guess" the username/password in admin login form with no result. I think I have the correct username (written also in a file) but I am not really into the "Try Harder" joke. Could anyone help?

  • @htbfk said:
    I have been struggling to "guess" the username/password in admin login form with no result. I think I have the correct username (written also in a file) but I am not really into the "Try Harder" joke. Could anyone help?

    think real simple. really really simple

    allahackbar

  • It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the "hidden" site, and also find the "hidden" folders like: boot. I even found a folder with a file named login, but I cannoy execute it. I can only see its code. I even tried to execute it through the index.php, but this didnt help me either. If someone can give a hint it would bw great, because I am one step before quitting.

    Revolution

  • "Nibbleblog security error - Blacklist protection" I haven't bruted it but looks like brute protection.. i read from this posts user/pass is simple to guess but cant got hold of it! any one to PM a direction?

    masuse

  • @Revolution said:
    It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the "hidden" site, and also find the "hidden" folders like: boot. I even found a folder with a file named login, but I cannoy execute it. I can only see its code. I even tried to execute it through the index.php, but this didnt help me either. If someone can give a hint it would bw great, because I am one step before quitting.

    make it simple! I just logged in to admin

    masuse

  • New to HTB, and this was my first box... Thx
  • @Revolution said:
    It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the "hidden" site, and also find the "hidden" folders like: boot. I even found a folder with a file named login, but I cannoy execute it. I can only see its code. I even tried to execute it through the index.php, but this didnt help me either. If someone can give a hint it would bw great, because I am one step before quitting.

    You're on the wrong path

  • @shane2483 said:
    So I can not spawn a TTY shell and keep getting errors when I run sudo command.
    I have tried every Spawning method on several sites.

    when I try to spawn a TTY

    can't access TTY job control turned off

    When I run sudo: (i assume because i dont have TTY)

    : unable to resolve host Nibbles: Connection timed out
    no tty present and no askpass program specified

    Im at the very end. Going on my third day and just cant get this .sh file to play nicely.

    I'm stuck on this exact step too

  • With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the linux shell in very directory that I have access, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first ? Any hint about this would be welcome.

    Revolution

  • Already got root, it was a really easy box. I have to mention that the most difficult part for me was the guessing of the initial credentials. Apart from that, the box is quite simple. If anyone needs help don't hesitate to PM me :+1:

  • @Revolution said:
    With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the linux shell in very directory that I have access, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first ? Any hint about this would be welcome.

    Not sure what method you used to get your shell, however, you should be able to cat and ls at the least. Try looking around different user directories. When in doubt, always start closer to home! ;-)

  • edited June 2018

    @Revolution said:
    With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the linux shell in very directory that I have access, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first ? Any hint about this would be welcome.

    Spoiler Removed - Arrexel

    masuse

  • As somebody who has just rooted this box, let me say this (and I am sure I am repeating others here):

    This box is not as hard as you think. Do not over think anything, otherwise you will miss it. If you believe you are doing it right, you probably are. Keep trying over and over, perhaps reboot the box once or twice and try again. I had to reboot twice, and the exact same thing worked for me, which had failed earlier.

    I didn't use any bruteforcing of the password either, highly unnecessary. The information really is there for you. Over all, it really was a "cewl" box.

  • Got Root ! Now what ?

  • edited June 2018

    If you read the post please disregard it, I found out what I was doing wrong with the xxx.sh file.

    Elio

  • @ashishjv1 said:
    Got Root ! Now what ?

    Onto the next box :)

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • edited June 2018

    Anyone willing to help me? I'm stuck at the very last step. You can PM me, no spoilers please

    EDIT: So when executing a certain command in the xxx.sh file it says that it's not able to resolve the hostname. I'm pretty sure I understand how to use xxx.sh but that command makes my terminal hang and gives me that weird error. Hints?

    Elio

  • edited June 2018

    @elio said:
    Anyone willing to help me? I'm stuck at the very last step. You can PM me, no spoilers please

    EDIT: So when executing a certain command in the xxx.sh file it says that it's not able to resolve the hostname. I'm pretty sure I understand how to use xxx.sh but that command makes my terminal hang and gives me that weird error. Hints?

    I had the same issue with the shell, but I managed to complete the challenge. I just had to wait a bit in order to run the code.

    P.S If you are sure that what you are doing is the right thing but it does not work, take a good break and re-check it. It worked in my case.

    Revolution

  • @onlyamedic said:

    @ashishjv1 said:
    Got Root ! Now what ?

    Onto the next box :)

    Indeed ! :)

  • If anyone can lend a hint for root, that would be great. PM Me

  • @bukkits said:

    @shane2483 said:
    So I can not spawn a TTY shell and keep getting errors when I run sudo command.
    I have tried every Spawning method on several sites.

    when I try to spawn a TTY

    can't access TTY job control turned off

    When I run sudo: (i assume because i dont have TTY)

    : unable to resolve host Nibbles: Connection timed out
    no tty present and no askpass program specified

    Im at the very end. Going on my third day and just cant get this .sh file to play nicely.

    I'm stuck on this exact step too

    Make it three. I've exhausted much of my knowledge and research, and I see the file that everyone is talking about, but I can't seem to do anything with it.

    If someone can send a PM for help, it would be appreciated.

  • > @TheCanisLupus said:
    > The fact that there is no single post about Nibbles makes me feel even more stupid but whatever .. I need help
    > I kind of know what the vulnerability is but cant find log in details for the blog
    > Any one can point me in right direction please ?
    > thanks

    I am newb and i am stuck someone assit me please

    Arrexel
    OSCP | OSCE half way!

  • Finally got Root

  • so i have got to the point of logging thanks to some tips Blackarrow gave me now i am stuck i have the username but no password i guess ill keep trying it.

    Arrexel
    OSCP | OSCE half way!

  • Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
    Could you please hint me for creds for login page?

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • @karelchajim said:
    Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
    Could you please hint me for creds for login page?

    nevermind. got it. omg

    Hack The Box
    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/50022

  • > @karelchajim said:
    > @karelchajim said:
    > Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
    > Could you please hint me for creds for login page?
    >
    >
    >
    >
    >
    > nevermind. got it. omg

    hey bro can you pm hint on pass word i am stuck same as you at this point

    Arrexel
    OSCP | OSCE half way!

Sign In to comment.