NIbbles

What should i do after i got into the nibble log under blacklist protection

@stormworm29 Be patient. After 5 minutes your IP wont be on blacklist

you all need to stop overwriting the image.php every second

at last now I got in after an hour search for default user and pass. hehehe.

Having some issues getting a reverse shell to work… Could someone PM me please?

Good Evening,
I can not bruteforce a specific directory, it doesn’t work. I mean, dirb results me Calculating NOT_FOUND code…

I’ve some problem to interact with the IP. I almost ping. I don’t know why. Some have an idea ? Protection against bruteforcing I think. I’ve tried with other tools like wfuzz and a personal script. It’s the same.

When I browser the IP adresse, it’s extremely slow. Do I the only one ?

Thank you !!

This is got to be the worst box, as it just wont stop spinning. I have user and think i can do preves but ■■■■!

Any hints for privesc? Feeling like I’m pretty darn close but I’m stuck after getting the info I need after running the enum scripts

Nvm got it :slight_smile:

Stuck with backdoor in PHP. The website doesn’t want it and I don’t understand.

Is there a protection of PHP ? 'cause my php files I want to upload, doesn’t work… any idea ?

for those on priv esc: after you see what you are allowed to do, and you try to do it, make sure you are doing EXACTLY what you saw you are allowed to do.

if thats vague, pm me and tell me where youre at.

It’s OK, I’ve rooted the server yesterday :wink: thanks

How many login attempts can you make before you end up on the blacklist? Any more clue to guess the user?

@gorias said:
Anyone got any further hints on initial pw, im sure its staring me in the face, but its driving me nuts

EDIT: ignore me

So frustrating seeing everyone posting how easy the login/password is. Feels like i tried every word connected to the page and soon all of the top-500-worst-passwords.txt list. Lol

Ugh. I’m yet another person being tormented by this initial login… I ran dirb recursively and with a big wordlist. WTF… Anyone have any other clues? Feel free to PM if you wan.t

Got the login, got a decent working shell and enumerated enough to know exactly what i have to do. But somehow it wont work. Can i shoot someone a PM?

I’ve not been blocked because I guessed the password and login. Try the login/pwd very usual what you could found in a WAF webpage admin and so on. It’s hard not to give you the solution :wink:

So I got the user.txt and trying to priv esc. Somehow reverse shell cheatsheets dont seem to work. I always get the shell with user and not root. I am editing a certain file for reverse shell and cannot seem to get root. Any help appreciated.