NIbbles

1246719

Comments

  • @0xEDBEEF said:
    If you used LinEnum, you should see that something is not quite right. Also, enumerate directories, look for files that may be useful in some way.

    Oh dear ! I've just missed the primary details ! Get root ! Thanks for help !

    For peoples who need big hint

    This VM is all about enumeration, all information you need can be found by this technique.

    Jugulairel

  • @nvmb3r said:
    I'm the only one not able to guess creds to login?

    everything is default.

    punish3r

  • @macielti said:
    Me to

    got it... I swear I tried it before ...

  • haha yeah. i could have swore i tried it a dozen times myself

  • @D4rKu5 said:
    haha yeah. i could have swore i tried it a dozen times myself

    I swear I was starting to look on how to exploit the other port haha

  • Hey guys so i've been working on this machine today. I found the login page. I logged into the log in page.
    Now where im stuck is these credentials aren't the same / dont work when using a ssh command line?
    any suggestions?

  • Ok over come my previous issue. Got the right exploit

  • I'm stuck on the privesc part

    SOMEBODY PLEASE HELP ME !!!

  • @Haxor007 said:
    I'm stuck on the privesc part

    SOMEBODY PLEASE HELP ME !!!

    pm me

    punish3r

  • for those who are using the meterpreter payload,,,, try using other payloads

    punish3r

  • Logged in to the blog, but no clue what to do next. Any clues without spoiling?

    FloptimusCrime

  • @FloptimusCrime said:
    Logged in to the blog, but no clue what to do next. Any clues without spoiling?

    Enumerate

    wirehack7

  • @wirehack7 said:

    @FloptimusCrime said:
    Logged in to the blog, but no clue what to do next. Any clues without spoiling?

    Enumerate

    Got the exploit, but "manual cleanup" thingy happening and i am out of resets for the day

    FloptimusCrime

  • What should i do after i got into the nibble log under blacklist protection

    stormworm29

  • edited February 2018
    @stormworm29 Be patient. After 5 minutes your IP wont be on blacklist

    Ruster

  • edited February 2018

    you all need to stop overwriting the image.php every second

  • at last now I got in after an hour search for default user and pass. hehehe.

  • Having some issues getting a reverse shell to work... Could someone PM me please?

  • edited February 2018

    Good Evening,
    I can not bruteforce a specific directory, it doesn't work. I mean, dirb results me Calculating NOT_FOUND code....

    I've some problem to interact with the IP. I almost ping. I don't know why. Some have an idea ? Protection against bruteforcing I think. I've tried with other tools like wfuzz and a personal script. It's the same.

    When I browser the IP adresse, it's extremely slow. Do I the only one ?

    Thank you !!

    Drx51l

  • This is got to be the worst box, as it just wont stop spinning. I have user and think i can do preves but fuck!

    Magavolt

  • Any hints for privesc? Feeling like I'm pretty darn close but I'm stuck after getting the info I need after running the enum scripts

  • Nvm got it :)

  • Stuck with backdoor in PHP. The website doesn't want it and I don't understand.

    Drx51l

  • Is there a protection of PHP ? 'cause my php files I want to upload, doesn't work.. any idea ?

    Drx51l

  • edited February 2018

    for those on priv esc: after you see what you are allowed to do, and you try to do it, make sure you are doing EXACTLY what you saw you are allowed to do.

    if thats vague, pm me and tell me where youre at.

  • It's OK, I've rooted the server yesterday ;) thanks

    Drx51l

  • How many login attempts can you make before you end up on the blacklist? Any more clue to guess the user?

  • edited February 2018

    @gorias said:
    Anyone got any further hints on initial pw, im sure its staring me in the face, but its driving me nuts

    EDIT: ignore me

  • So frustrating seeing everyone posting how easy the login/password is. Feels like i tried every word connected to the page and soon all of the top-500-worst-passwords.txt list. Lol

  • Ugh. I'm yet another person being tormented by this initial login... I ran dirb recursively and with a big wordlist. WTF... Anyone have any other clues? Feel free to PM if you wan.t

Sign In to comment.