Nibbles

@PinkPanther said:

@Skullsec said:
SPOILER! SPOILER! SPOILER!

Someone help me how to fix this f*cking problem:

This exploit may require manual cleanup of ‘image.php’ on the target

Thanks.

I hate to be the dude that says reset… But you are gonna want to reset the box

I solved that and cat root.txt, but thanks to your answer…

@Skullsec

Was the issue rebooting? I had the same cleanup issue, tried the reset but no dice

Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

@msshtb said:
Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

What is the question?

@Skullsec said:

@msshtb said:
Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

What is the question?

Thanks, but I got to the next step! Appreciate it.

So I started working this box last night, and I easily guessed the first password. Dirbuster didn’t find anything that stuck out, so now I’m not sure if I should be finding something on the site to establish an ssh username or exploiting the site itself. Not really sure if I want hints or am just using this post to vent my frustrations.

So I finally got a ‘shell’ but it is pretty shady and won’t let me complete actions that I should be able to complete. User.txt done, root.txt to go!

I am logged into the site, but I’m hitting a brick wall now. Any hints for my next step?

@treadstone said:
I am logged into the site, but I’m hitting a brick wall now. Any hints for my next step?

You’ll need the username and pass outside the site haha… if you need another hint, PM me…

How’s everyone getting on with root on this box? Any hints would be nice.

@gorias said:
How’s everyone getting on with root on this box? Any hints would be nice.

Not going to lie, the initial “password guessing” had me in all sorts of wtf, but the priv esc is extremely straightforward.

As previously stated, some basic enumeration will bring up something fishy.

That password lol!!! I did got FFS after I logged in.

Meh, it’s easy, all about enumeration.

@hartkon said:
This machine retired Blue. It’s very easy to get user. Try not to overthink and get a “default” point of view.

Tried everything but can’t seem to find what everyone is talking about. I have tried not to overthink.

Any hint for getting the root flag?

I’m on this machine for the last 2 hours now and I’m not able to find anything.
I have already tried dirb and dirbuster but cannot find anything…
Any tips? It’s so frustrating!

@jugulaire said:
I’m on this machine for the last 2 hours now and I’m not able to find anything.
I have already tried dirb and dirbuster but cannot find anything…
Any tips? It’s so frustrating!

View source; if you don’t see the first hint, maybe get a new prescription?

@jugulaire said:
I’m on this machine for the last 2 hours now and I’m not able to find anything.
I have already tried dirb and dirbuster but cannot find anything…
Any tips? It’s so frustrating!

Use your current solution and the webserver name ****.txt dictionary.

This is really frustrating. It is my first machine and I spent 4 hours on it. Looked at so many things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. I don’t know how I should guess it. I also don’t know what HTB “default” passwords are… this is really frustrating.

You will have probably thought you’ve tried it already. You will have sworn you’ve tried it 100 times already. How could you not have tried it?