NIbbles

Already got root, it was a really easy box. I have to mention that the most difficult part for me was the guessing of the initial credentials. Apart from that, the box is quite simple. If anyone needs help don’t hesitate to PM me :+1:

@Revolution said:
With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the linux shell in very directory that I have access, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first ? Any hint about this would be welcome.

Not sure what method you used to get your shell, however, you should be able to cat and ls at the least. Try looking around different user directories. When in doubt, always start closer to home! :wink:

@Revolution said:
With a hint from a friend, after 8 hours I managed to get the admin credentials and get a shell. Now the problem is that I used the search command of the meterpreter, and also the find command of the linux shell in very directory that I have access, in order to find the user.txt file, but I cannot find it. Maybe I need to escalate privileges first ? Any hint about this would be welcome.

Spoiler Removed - Arrexel

As somebody who has just rooted this box, let me say this (and I am sure I am repeating others here):

This box is not as hard as you think. Do not over think anything, otherwise you will miss it. If you believe you are doing it right, you probably are. Keep trying over and over, perhaps reboot the box once or twice and try again. I had to reboot twice, and the exact same thing worked for me, which had failed earlier.

I didn’t use any bruteforcing of the password either, highly unnecessary. The information really is there for you. Over all, it really was a “cewl” box.

Got Root ! Now what ?

If you read the post please disregard it, I found out what I was doing wrong with the xxx.sh file.

@ashishjv1 said:
Got Root ! Now what ?

Onto the next box :slight_smile:

Anyone willing to help me? I’m stuck at the very last step. You can PM me, no spoilers please

EDIT: So when executing a certain command in the xxx.sh file it says that it’s not able to resolve the hostname. I’m pretty sure I understand how to use xxx.sh but that command makes my terminal hang and gives me that weird error. Hints?

@elio said:
Anyone willing to help me? I’m stuck at the very last step. You can PM me, no spoilers please

EDIT: So when executing a certain command in the xxx.sh file it says that it’s not able to resolve the hostname. I’m pretty sure I understand how to use xxx.sh but that command makes my terminal hang and gives me that weird error. Hints?

I had the same issue with the shell, but I managed to complete the challenge. I just had to wait a bit in order to run the code.

P.S If you are sure that what you are doing is the right thing but it does not work, take a good break and re-check it. It worked in my case.

@onlyamedic said:

@ashishjv1 said:
Got Root ! Now what ?

Onto the next box :slight_smile:

Indeed ! :slight_smile:

If anyone can lend a hint for root, that would be great. PM Me

@bukkits said:

@shane2483 said:
So I can not spawn a TTY shell and keep getting errors when I run sudo command.
I have tried every Spawning method on several sites.

when I try to spawn a TTY

can’t access TTY job control turned off

When I run sudo: (i assume because i dont have TTY)

: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

Im at the very end. Going on my third day and just cant get this .sh file to play nicely.

I’m stuck on this exact step too

Make it three. I’ve exhausted much of my knowledge and research, and I see the file that everyone is talking about, but I can’t seem to do anything with it.

If someone can send a PM for help, it would be appreciated.

@TheCanisLupus said:
The fact that there is no single post about Nibbles makes me feel even more stupid but whatever … I need help
I kind of know what the vulnerability is but cant find log in details for the blog
Any one can point me in right direction please ?
thanks

I am newb and i am stuck someone assit me please

Finally got Root

so i have got to the point of logging thanks to some tips Blackarrow gave me now i am stuck i have the username but no password i guess ill keep trying it.

Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
Could you please hint me for creds for login page?

@karelchajim said:
Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
Could you please hint me for creds for login page?

nevermind. got it. ■■■

@karelchajim said:
@karelchajim said:
Eh, I am really stuck. I tryied this box several times now. I crawled website, directories, find out xml with username, but I am not able to guess password. Whatever I tryied, i failed. My combos of usr/pwd do not work at all.
Could you please hint me for creds for login page?

nevermind. got it. ■■■

hey bro can you pm hint on pass word i am stuck same as you at this point

Some one help is it becuase this server is retired or i am not able to export exploit some getting this error help

Exploit completed, but no session was created.
msf exploit(multi/http/nibbleblog_file_upload) > exploit

[] Started reverse -----------======
[!] This exploit may require manual cleanup of ‘image.php’ on the target
[
] Exploit completed, but no session was created.
getting

Rooted thank you learned alot trying to root this machine.