Nibbles

@bore1971 said:
A first CTF and Linux noob got root.

me: I AM A GOOOOOD!!!

wife: Get your ■■■ out here and help me bring in the groceries!

PM me need your help on the root flag

I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

@AikiGage said:
I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

@TheRealHooz said:

@AikiGage said:
I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

Got it! Thanks all!

Second box and just got root, feel free to PM if you need help :)

■■■! people keep changing the default creds!!!

@mrb3n you should disable the functionality. It’s useless and annoying

So I found the directory and probably the “login page”, but I really don’t know if it is, and if it is, I keep getting blacklisted. Any hints?

got root, nice box ;)

@Aijaz said:

@Aijaz said:
Hi, I am new on the HTB.

I have logged in to the admin panel and am trying to upload the shell, but I am not getting any reverse connection. I have opened ports on my router also, but still I am not getting any reverse connection. I have tried 3-4 different payloads but still nothing. Can someone give me a hint?

Never Mind…I have got the access…it was a silly mistake from my side…now for user.txt

EDIT 1: Got the user.txt…on to root flag…I have no idea how to proceed further, am stuck. Can someone help me?

Finally got the root flag…

got ROOT

Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don’t know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?

@Wiamly said:
Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don’t know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?

Credentials are really just staring at you, dirbuster can give you the username (but it’s obvious), password is just right there

@Wiamly said:
Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don’t know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?

Reset the machine and try again

Need help with the initial password, I’m new to this, any help will be appreciated. Thanks!

As others have said, the initial password is really easy (an HTB default). However, it took me about a day to get in because people kept changing it. Kinda frustrating, since I knew I had it from the start.

Help

I used CeWL for the password list and I tried with 2 potential usernames to log in to SSH, but it doesn’t work…

  • Maybe my word-list is not successful…
  • Maybe I don’t have the good username…
  • Maybe SSH is not the good way…

I’m stuck, please help

And also, do you know how to convert strings to upper and lower case in my word-list?

Got login creds, got User flag (myself this time), now trying to get root. I see a file that is interesting, however I cannot run it, along with a lot of other typical shell commands. Is using the meterpreter shell the wrong way to go about this?

Now I’m sure about the user but the password is still unreachable for me…

Can you help me?

I am having the same issue… I have the username but every “easy” password I try fails. I’m not sure if I’ve got the password wrong or if I’m filling in certain configuration values incorrectly when I try my attack.

Anyone able to PM? This box is doing my head in to get the pass for blog. Got the username no bother, and sure I’ve got the pass, but to no avail.