NIbbles

Me to

@0xEDBEEF said:
If you used LinEnum, you should see that something is not quite right. Also, enumerate directories, look for files that may be useful in some way.

Oh dear ! I’ve just missed the primary details ! Get root ! Thanks for help !

#For peoples who need big hint
This VM is all about enumeration, all information you need can be found by this technique.

@nvmb3r said:
I’m the only one not able to guess creds to login?

everything is default.

@macielti said:
Me to
got it… I swear I tried it before …

haha yeah. i could have swore i tried it a dozen times myself

@D4rKu5 said:
haha yeah. i could have swore i tried it a dozen times myself

I swear I was starting to look on how to exploit the other port haha

Hey guys so i’ve been working on this machine today. I found the login page. I logged into the log in page.
Now where im stuck is these credentials aren’t the same / dont work when using a ssh command line?
any suggestions?

Ok over come my previous issue. Got the right exploit

I’m stuck on the privesc part

SOMEBODY PLEASE HELP ME !!!

@Haxor007 said:
I’m stuck on the privesc part

SOMEBODY PLEASE HELP ME !!!

pm me

for those who are using the meterpreter payload, try using other payloads

Logged in to the blog, but no clue what to do next. Any clues without spoiling?

@FloptimusCrime said:
Logged in to the blog, but no clue what to do next. Any clues without spoiling?

Enumerate

@wirehack7 said:

@FloptimusCrime said:
Logged in to the blog, but no clue what to do next. Any clues without spoiling?

Enumerate

Got the exploit, but “manual cleanup” thingy happening and i am out of resets for the day

What should i do after i got into the nibble log under blacklist protection

@stormworm29 Be patient. After 5 minutes your IP wont be on blacklist

you all need to stop overwriting the image.php every second

at last now I got in after an hour search for default user and pass. hehehe.

Having some issues getting a reverse shell to work… Could someone PM me please?

Good Evening,
I can not bruteforce a specific directory, it doesn’t work. I mean, dirb results me Calculating NOT_FOUND code…

I’ve some problem to interact with the IP. I almost ping. I don’t know why. Some have an idea ? Protection against bruteforcing I think. I’ve tried with other tools like wfuzz and a personal script. It’s the same.

When I browser the IP adresse, it’s extremely slow. Do I the only one ?

Thank you !!