Nibbles

Finally got user and root :)

I’ve done harder machines than this, I know it, but I can’t seem to get past the first steps on this either. Can someone PM me a hint so I can facepalm hard?

@fhlipZero said:
do something simple, with something provided to you, to access root.txt

Please give one more hint.

@agnarus said:
@peek any hint?
I am fed up with this msg “Nibbleblog security error - Blacklist protection” and went through all files on the server and GitHub

I did the same, I went through all and everything >.< heeeelp pls

@larry said:

@agnarus said:
@peek any hint?
I am fed up with this msg “Nibbleblog security error - Blacklist protection” and went through all files on the server and GitHub

I did the same, I went through all and everything >.< heeeelp pls

hint: guest it.

@Farmer789 said:

@fhlipZero said:
do something simple, with something provided to you, to access root.txt

Please give one more hint.

some files may have permission to execute

At first I was stuck on the first “default” thingy, I even checked “seclist github” for it. Guys, the thing you are looking for is not something in the world’s default, but here in hackthebox.

I confess, I gained access to the admin page, but I don’t know how to get access to root or user.txt. Some tips?

@Skullsec said:
I confess, I gained access to the admin page, but I don’t know how to get access to root or user.txt. Some tips?

We can’t answer without spoiling

I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

aaaaaaaaaaaaaaaah… got it

@Skullsec said:

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

I know what a nibble is, but I have no clue how I can “guess” the password with that…

@larry said:

@Skullsec said:

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

I know what a nibble is, but I have no clue how I can “guess” the password with that…

Think more obviously… the username is world “default”, the pass is HTB “default”…

If that’s not a spoiler then idk what is. It’s tough to give a hint for this part of the box without completely giving things away =/

yeah well htb default means nothing for me because this is my first box… How do I know any htb defaults … fml

It’s not really a “default” exactly, it’s just something that’s commonly done on this site it seems like

Were we supposed to use ssh at all for this challenge?

@larry said:
yeah well htb default means nothing for me because this is my first box… How do I know any htb defaults … fml

Use everything you know about the machine in HTB…For now, you don’t need to search outside HTB…

If you REALLY think you have the credentials try a reset.

I went back over my notes and I noted I’d already tried the correct credentials but they had triggered a blacklist notification, I reset and re-hit my notes and one of my first attempts let me in this time…