NIbbles

@faelsfernandes said:
I found the login page, but I can’t find the user and the password. Can anybody help me here or pm me?

@Maco said:
Guys, anyone give me a hint about this box ? As i started to experience this site today.

I got root yesterday and what i did is just read through all the comments (i got until page 5 of this thread though) . All the possible hints u can get has been posted already it’s all up to u to work harder on this and you’re just probably overthinking things,
Hint:
first get the username (very easy), the password just use the info you currently have before digging up stuff :slight_smile:

please help me in getting root.txt for nibbles, i got users.txt. how do i open the root folder? always access denied

@strolling33 said:

@faelsfernandes said:
I found the login page, but I can’t find the user and the password. Can anybody help me here or pm me?

@Maco said:
Guys, anyone give me a hint about this box ? As i started to experience this site today.

I got root yesterday and what i did is just read through all the comments (i got until page 5 of this thread though) . All the possible hints u can get has been posted already it’s all up to u to work harder on this and you’re just probably overthinking things,
Hint:
first get the username (very easy), the password just use the info you currently have before digging up stuff :slight_smile:

Thank u! I got the user xD

@shadowangel said:
please help me in getting root.txt for nibbles, i got users.txt. how do i open the root folder? always access denied

enumerate bro!! use the best enumeration scripts u can find. you will definitely see something fishy which u dont see normally in ur enumeration.

I found the .sh file . S t u c k now help

Do I have to have ssh access for root?

nvm tried the same thing in the morning and it worked

I know the username but based on the conversation on this thread the password is in front of me and i tried every combination. can someone please PM me the pass?

i swear to god i tried it several times but then after a couple of hours i tried again and it worked !!! i think people are changing the password

@danymogh yeah, people are changing the password for no reason, they prefer to block everyone rather than figure out a way to quickly jump into the box and go hide in a corner to stay under the radar… Kind of annoying.
The other annoying thing are people going full blast with dirbuster, john the ripper or exploits hogging the CPU (and not working), bruteforcing their way in, when the solution is so simple you just have to write a couple commands…

i got the root flag by chance. i know i have to escalate privs from that **.sh file but don’t know how to exactly run it as root. any help is appreciated .

Any hints for priv esc ? I’m stuck… I know the file .sh, but don’t know what I have to do… pm me

After days of trying, last night I ‘guessed’ the creds and got in. Finding the vuln was easy, I got a low priv shell but then it was midnight here and I was tired. No prob, let’s resume tomorrow - so I thought.
Of course, now I can’t get back in - I guess my guess was what someone change the creds to. BAD, BAD HACKERS! When people do this, none of the suggestions matter (I read the whole thread) - you are literally shooting blind if people change the creds after logging in (I can understand WHY they do it, but it’s still wrong).
I am so sick & tired of this box, ready to move on. If anyone is willing to share the creds (I can prove I got a shell yesterday, by providing both my reverse shell code and a screenshot of my netcat connection), please PM me.

Need a bit of help please. I’ve got the username and password for the admin page and i’m guessing what i need to do now is run the exploit in metasploit? Trying to do this but I just get the error “Exploit aborted due to failure: unknown: Unable to upload payload.” All settings for the exploit look correct to me so not sure what this error means

@theboytony said:
Need a bit of help please. I’ve got the username and password for the admin page and i’m guessing what i need to do now is run the exploit in metasploit? Trying to do this but I just get the error “Exploit aborted due to failure: unknown: Unable to upload payload.” All settings for the exploit look correct to me so not sure what this error means

No matter I’ve completed it now, had to modify the exploit file…

@homdreen said:
Any hints for priv esc ? I’m stuck… I know the file .sh, but don’t know what I have to do… pm me

Nvm, already got root… XD
If anyone wants hints, send me pm… :slight_smile:

I’ve found the login page but I’m at a loss for the login creds. I’m new so the “default” hints aren’t helping much. Any help would be greatly appreciated!

@Ch1R0h said:
I’ve found the login page but I’m at a loss for the login creds. I’m new so the “default” hints aren’t helping much. Any help would be greatly appreciated!

You can find the username somewhere on the box, and the password is a default one. I know it’s not what you’ve expect, but it is !
I can only say that if you read the previous posts, there i a big hint (almost the answer) for the password :slight_smile:

PM me if you still have trouble with this !

Just wanted to say thanks to all of you for your insight and helpful commentary. Just rooted my first box and I appreciate everyone of you for helping with that. I’m looking forward to starting on the next one!

Well… that was easy!