NIbbles

Need help with the initial password, I’m new to this, any help will be appreciated Thanks!

As others have said, the initial password is really easy (an HTB default). However, it took me about a day to get in because people kept changing it. Kinda frustrating, since I knew I had it from the start.

Help

I used Cewl for the password list and i try with 2 potential username for login to ssh but it’s doesn’t work …

  • Maybe my word-list is not successful …
  • Maybe i don’t have the good username …
  • Maybe ssh is not the good way …

I’m stuck, please help

And Also, do you know how to convert string to upper and lower case in my word-list ?

Got login creds, got User flag (myself this time), now trying to get root. I see a file that is interesting, however cannot run it, along with a lot of other typical shell commands. is using the meterpreter shell the wrong way to go about this?

Now I’m sure about the user but the password still unreachable for me…

Can you help me ?

I am having the same issue… I have the username but every “easy” password I try fails. I’m not sure if I’ve got the password wrong or if I’m filling in certain configuration values incorrectly when I try my attack.

Anyone able to PM? This box is doing my head in to get the pass for blog. Got the username no bother, and sure I’ve got the pass, but no avail.

I found the login page, but I can’t find the user and the password. Can anybody help me here or pm me?

Guys, anyone give me a hint about this box ? As i started to experience this site today.

@faelsfernandes said:
I found the login page, but I can’t find the user and the password. Can anybody help me here or pm me?

@Maco said:
Guys, anyone give me a hint about this box ? As i started to experience this site today.

I got root yesterday and what i did is just read through all the comments (i got until page 5 of this thread though) . All the possible hints u can get has been posted already it’s all up to u to work harder on this and you’re just probably overthinking things,
Hint:
first get the username (very easy), the password just use the info you currently have before digging up stuff :slight_smile:

please help me in getting root.txt for nibbles, i got users.txt. how do i open the root folder? always access denied

@strolling33 said:

@faelsfernandes said:
I found the login page, but I can’t find the user and the password. Can anybody help me here or pm me?

@Maco said:
Guys, anyone give me a hint about this box ? As i started to experience this site today.

I got root yesterday and what i did is just read through all the comments (i got until page 5 of this thread though) . All the possible hints u can get has been posted already it’s all up to u to work harder on this and you’re just probably overthinking things,
Hint:
first get the username (very easy), the password just use the info you currently have before digging up stuff :slight_smile:

Thank u! I got the user xD

@shadowangel said:
please help me in getting root.txt for nibbles, i got users.txt. how do i open the root folder? always access denied

enumerate bro!! use the best enumeration scripts u can find. you will definitely see something fishy which u dont see normally in ur enumeration.

I found the .sh file . S t u c k now help

Do I have to have ssh access for root?

nvm tried the same thing in the morning and it worked

I know the username but based on the conversation on this thread the password is in front of me and i tried every combination. can someone please PM me the pass?

i swear to god i tried it several times but then after a couple of hours i tried again and it worked !!! i think people are changing the password

@danymogh yeah, people are changing the password for no reason, they prefer to block everyone rather than figure out a way to quickly jump into the box and go hide in a corner to stay under the radar… Kind of annoying.
The other annoying thing are people going full blast with dirbuster, john the ripper or exploits hogging the CPU (and not working), bruteforcing their way in, when the solution is so simple you just have to write a couple commands…

i got the root flag by chance. i know i have to escalate privs from that **.sh file but don’t know how to exactly run it as root. any help is appreciated .