NIbbles

@jugulaire said:
I’m on this machine for the last 2 hours now and i’m not able to find anything.
i have already try dirb and dirbuster but cannot find anythings…
Any tips ? It’s so frustrating !

view source, if you don’t see the first hint maybe get a new prescription?

@jugulaire said:
I’m on this machine for the last 2 hours now and i’m not able to find anything.
i have already try dirb and dirbuster but cannot find anythings…
Any tips ? It’s so frustrating !

use your current solution and webserver name ****.txt dictionary

This is really frustrating. It is my first maschine and i spent 4 hours on it. looked at so much things: php/bit files, images, dirb, dirbuster for the initial password but could not find it. i don’t know how i should guess it. i also don’t know what htb “deafult” password are… this is really frustrating

you will have probably thought you’ve tried it already. you will have swore you’ve tried it 100 times already. how could have you not have tried it?

finally got access to admin creds, it was really obvious. For guys who are stuck like me, do not get disappointed and keep trying with whatever info you have in hand about the box.

Hey, finally i’ve found what i need. but i’m totally blocked by the root flag. Anybody can give me some hints ? i have of course used LinEnum to find informations.

@jugulaire said:
Hey, finally i’ve found what i need. but i’m totally blocked by the root flag. Anybody can give me some hints ? i have of course used LinEnum to find informations.

If you used LinEnum, you should see that something is not quite right. Also, enumerate directories, look for files that may be useful in some way.

Major Spoiler…!

Look where you have root privilege and use that to get root flag

I’m the only one not able to guess creds to login?

Me to

@0xEDBEEF said:
If you used LinEnum, you should see that something is not quite right. Also, enumerate directories, look for files that may be useful in some way.

Oh dear ! I’ve just missed the primary details ! Get root ! Thanks for help !

#For peoples who need big hint
This VM is all about enumeration, all information you need can be found by this technique.

@nvmb3r said:
I’m the only one not able to guess creds to login?

everything is default.

@macielti said:
Me to
got it… I swear I tried it before …

haha yeah. i could have swore i tried it a dozen times myself

@D4rKu5 said:
haha yeah. i could have swore i tried it a dozen times myself

I swear I was starting to look on how to exploit the other port haha

Hey guys so i’ve been working on this machine today. I found the login page. I logged into the log in page.
Now where im stuck is these credentials aren’t the same / dont work when using a ssh command line?
any suggestions?

Ok over come my previous issue. Got the right exploit

I’m stuck on the privesc part

SOMEBODY PLEASE HELP ME !!!

@Haxor007 said:
I’m stuck on the privesc part

SOMEBODY PLEASE HELP ME !!!

pm me

for those who are using the meterpreter payload, try using other payloads