NIbbles

1356719

Comments

  • Anyone got any further hints on initial pw, im sure its staring me in the face, but its driving me nuts

  • @gorias said:
    Anyone got any further hints on initial pw, im sure its staring me in the face, but its driving me nuts

    You can guess the password with all the informationen you have so far!

  • Got it - It really is obvious

  • i tried alot i cant get it .wat is the user name help me

  • @PinkPanther said:

    @Skullsec said:
    SPOILER! SPOILER! SPOILER!

    Someone help me how to fix this f*cking problem:

    This exploit may require manual cleanup of 'image.php' on the target

    Thanks.

    I hate to be the dude that says reset.. But you are gonna want to reset the box

    I solved that and cat root.txt, but thanks to your answer...

  • @Skullsec

    Was the issue rebooting? I had the same cleanup issue, tried the reset but no dice

  • Anyone around to message a quick question or two? I feel like I have what I'm looking for. Just need to clear up something.

  • @msshtb said:
    Anyone around to message a quick question or two? I feel like I have what I'm looking for. Just need to clear up something.

    What is the question?

  • @Skullsec said:

    @msshtb said:
    Anyone around to message a quick question or two? I feel like I have what I'm looking for. Just need to clear up something.

    What is the question?

    Thanks, but I got to the next step! Appreciate it.

  • So I started working this box last night I easily guessed the first password. Dirbuster didn't find anything that stuck out, so now I'm not sure if I should be finding something on the site to establish an ssh username or exploiting the site itself. Not really sure if I want hints or am just using this post to vent my frustrations.

  • So I finally got a 'shell' but it is pretty shady and won't let me complete actions that I should be able to complete. User.txt done, root.txt to go!

  • I am logged into the site, but Im hitting a brick wall now. Any hints for my next step?

  • @treadstone said:
    I am logged into the site, but Im hitting a brick wall now. Any hints for my next step?

    You'll need the username and pass outside the site haha... if you need another hint, PM me...

  • hows everyone getting on with root on this box? -any hints would be nice

  • @gorias said:
    hows everyone getting on with root on this box? -any hints would be nice

    Not going to lie, the initial "password guessing" had me in all sorts of wtf, but the priv esc is extremely straightforward.

    As previously stated, some basic enumeration will bring up something fishy

  • That password lol!!! I did got FFS after I logged in .

    monkeychild

  • meh, its easy all about Enumeration

  • @hartkon said:
    This machine retired Blue. Its very easy to get user. Try not to overthink and get a "default" point of view.

    tried everything but can't seem to find what everyone is talking about i have tried not to overthink

    Hack The Box

  • any hint for getting root flag ?

  • I'm on this machine for the last 2 hours now and i'm not able to find anything.
    i have already try dirb and dirbuster but cannot find anythings..
    Any tips ? It's so frustrating !

    Jugulairel

  • @jugulaire said:
    I'm on this machine for the last 2 hours now and i'm not able to find anything.
    i have already try dirb and dirbuster but cannot find anythings..
    Any tips ? It's so frustrating !

    view source, if you don't see the first hint maybe get a new prescription?

  • @jugulaire said:
    I'm on this machine for the last 2 hours now and i'm not able to find anything.
    i have already try dirb and dirbuster but cannot find anythings..
    Any tips ? It's so frustrating !

    use your current solution and webserver name ****.txt dictionary

  • This is really frustrating. It is my first maschine and i spent 4 hours on it. looked at so much things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. i don't know how i should guess it. i also don't know what htb "deafult" password are... this is really frustrating

  • you will have probably thought you've tried it already. you will have swore you've tried it 100 times already. how could have you not have tried it?

  • finally got access to admin creds, it was really obvious. For guys who are stuck like me, do not get disappointed and keep trying with whatever info you have in hand about the box.

  • Hey, finally i've found what i need. but i'm totally blocked by the root flag. Anybody can give me some hints ? i have of course used LinEnum to find informations.

    Jugulairel

  • @jugulaire said:
    Hey, finally i've found what i need. but i'm totally blocked by the root flag. Anybody can give me some hints ? i have of course used LinEnum to find informations.

    If you used LinEnum, you should see that something is not quite right. Also, enumerate directories, look for files that may be useful in some way.

  • Major Spoiler..!

    Look where you have root privilege and use that to get root flag

    punish3r

  • I'm the only one not able to guess creds to login?

Sign In to comment.