Nibbles

I’ve found the login page but I’m at a loss for the login creds. I’m new so the “default” hints aren’t helping much. Any help would be greatly appreciated!

@Ch1R0h said:
I’ve found the login page but I’m at a loss for the login creds. I’m new so the “default” hints aren’t helping much. Any help would be greatly appreciated!

You can find the username somewhere on the box, and the password is a default one. I know it’s not what you expect, but it is!
I can only say that if you read the previous posts, there is a big hint (almost the answer) for the password :slight_smile:

PM me if you still have trouble with this!

Just wanted to say thanks to all of you for your insight and helpful commentary. Just rooted my first box and I appreciate every one of you for helping with that. I’m looking forward to starting on the next one!

Well… that was easy!

Owned the user but I am unable to get the root… any hints…?

I feel like I’m a step away from getting the root.txt, but I’m just missing a crucial step with the *****.sh file.

Can someone PM me?

I found the login page and the username, but I cannot get the password. Give me a hint, thank you!

I have been struggling to “guess” the username/password in admin login form with no result. I think I have the correct username (written also in a file) but I am not really into the “Try Harder” joke. Could anyone help?

@htbfk said:
I have been struggling to “guess” the username/password in admin login form with no result. I think I have the correct username (written also in a file) but I am not really into the “Try Harder” joke. Could anyone help?

Think real simple. Really, really simple.

It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the “hidden” site, and also find the “hidden” folders like: boot. I even found a folder with a file named login, but I cannot execute it. I can only see its code. I even tried to execute it through the index.php, but this didn’t help me either. If someone can give a hint it would be great, because I am one step before quitting.

“Nibbleblog security error - Blacklist protection” I haven’t bruted it but it looks like brute protection… I read from these posts that the user/pass is simple to guess but I can’t get hold of it! Anyone to PM a direction?

@Revolution said:
It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the “hidden” site, and also find the “hidden” folders like: boot. I even found a folder with a file named login, but I cannot execute it. I can only see its code. I even tried to execute it through the index.php, but this didn’t help me either. If someone can give a hint it would be great, because I am one step before quitting.

Make it simple! I just logged in to admin.

New to HTB, and this was my first box… Thx

@Revolution said:
It seems that I am the biggest noob, since I cannot find even the login page. So far, I managed to find the “hidden” site, and also find the “hidden” folders like: boot. I even found a folder with a file named login, but I cannot execute it. I can only see its code. I even tried to execute it through the index.php, but this didn’t help me either. If someone can give a hint it would be great, because I am one step before quitting.

You’re on the wrong path

@shane2483 said:
So I can not spawn a TTY shell and keep getting errors when I run sudo command.
I have tried every Spawning method on several sites.

When I try to spawn a TTY:

can’t access TTY job control turned off

When I run sudo (I assume because I don’t have a TTY):

: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

I’m at the very end. Going on my third day and just can’t get this .sh file to play nicely.

I’m stuck on this exact step too

With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the Linux shell in every directory that I have access to, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first? Any hint about this would be welcome.

Already got root, it was a really easy box. I have to mention that the most difficult part for me was the guessing of the initial credentials. Apart from that, the box is quite simple. If anyone needs help don’t hesitate to PM me :+1:

@Revolution said:
With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the Linux shell in every directory that I have access to, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first? Any hint about this would be welcome.

Not sure what method you used to get your shell, however, you should be able to cat and ls at the least. Try looking around different user directories. When in doubt, always start closer to home! :wink:

@Revolution said:
With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the Linux shell in every directory that I have access to, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first? Any hint about this would be welcome.

Spoiler Removed - Arrexel

As somebody who has just rooted this box, let me say this (and I am sure I am repeating others here):

This box is not as hard as you think. Do not overthink anything, otherwise you will miss it. If you believe you are doing it right, you probably are. Keep trying over and over, perhaps reboot the box once or twice and try again. I had to reboot twice, and the exact same thing worked for me, which had failed earlier.

I didn’t use any bruteforcing of the password either, highly unnecessary. The information really is there for you. Overall, it really was a “cewl” box.