Nibbles

@Farmer789 said:

@fhlipZero said:
do something simple, with something provided to you, to access root.txt

Please give one more hint.

some files may have permission to execute

At first I was stuck on the first “default” thingy, I even checked “seclist github” for it. Guys, the thing you are looking for is not something in the world’s defaults, but here in hackthebox.

I confess, I gained access to admin page, but I don’t know how to get access to root or user.txt. Some tips?

@Skullsec said:
I confess, I gained access to admin page, but I don’t know how to get access to root or user.txt. Some tips?

We can’t answer without spoiling

I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

aaaaaaaaaaaaaaaah… got it

@Skullsec said:

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

I know what a nibble is, but I have no clue how I can “guess” the password with that…

@larry said:

@Skullsec said:

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

In HTB, the names of the machines always mean something…

I know what a nibble is, but I have no clue how I can “guess” the password with that…

Think more obviously… the username is world “default”, the pass is HTB “default”…

If that’s not a spoiler then idk what is. It’s tough to give a hint for this part of the box without completely giving things away =/

Yeah well, HTB default means nothing for me because this is my first box… How do I know any HTB defaults… fml

It’s not really a “default” exactly, it’s just something that’s commonly done on this site it seems like

Were we supposed to use ssh at all for this challenge?

@larry said:
Yeah well, HTB default means nothing for me because this is my first box… How do I know any HTB defaults… fml

Use everything you know about the machine in HTB… For now, you don’t need to search outside HTB…

If you REALLY think you have the credentials try a reset.

I went back over my notes and I noted I’d already tried the correct credentials but they had triggered a blacklist notification, I reset and re-hit my notes and one of my first attempts let me in this time…

Any tips on password credentials? Dirbusted the ■■■■ out of it. Found the username and the login page but no clue on the password…

@SpoogeDragon said:
Any tips on password credentials? Dirbusted the ■■■■ out of it. Found the username and the login page but no clue on the password…

You should be able to google for it pretty easy honestly.

My first day on hackthebox … nice gentle introduction! :)

@jckhmr said:
My first day on hackthebox … nice gentle introduction! :)

Welcome!

To the ones here begging for credentials:
You don’t always have to bruteforce the ■■■■ out of a service if you find a login. Bruteforce is, for me, one of the last things I do.
Firstly, think about which info you have, what your target is and what the target might use.

As you see, anti brute force is fairly easy and you get jailed out.

Enumerate.
It’s the easiest box here, don’t overthink it.