Hints on Nibbles

I didn’t find any admin area…

I used the tools nikto and dirb but didn’t get any admin area…

Look at nibbleblog github page you can find all files

You mean the actual github page… or there is another github page in the nibbles box…??

@punish3r said:
You mean the actual github page… or there is another github page in the nibbles box…??

Someone should use Googlefu

You need to think in “default” mode.

You found a page, what could you do with that page now?

try and dirb it…

@enjloezz said:
Look at nibbleblog github page you can find all files

Best clue…

The password is very simple
Hints: sometimes the name of the machine will give you some hint.

privesc need help

Got root!

DM me for any hint :)

Hi, I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven’t been able to figure out where any button other than the “next next next” button is.

Once you realize how foolish Jeff is it only gets worse. Jeff’s laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.

After you figure that out, well the rest is semi easy, just remember seeing isn’t always believing.

Don’t be like Jeff, Jeff gets hacked.

nibbleblog

1 - open source, so try downloading it and exploring it for credentials.
[ try lookout on source pages ]
2 - research about nibbleblog exploit to upload shell. [ the simple way ]

I found the exploit. I try to upload but nothing.

Can someone help me? I’ve guessed all combinations of words that I’ve found from browsing, I’ve looked all over the forum and the GitHub page and still don’t have it.

@tigr8787 type just exploit and name machine

Use OWASP ZAP; it can help you find areas of the webpage that may not be obvious.

@T3jv1l said:
@Renz087 type just exploit and name machine

I found the exploit before I even found the Admin page. I can’t get the stupid creds for the Admin page. I’ve looked everywhere.

I’ve been using some exploit and payload, but I’m having this error:
Exploit aborted due to failure: unknown: Unable to upload payload.

Hi,
I am working on Nibbles, and I wonder if there is a way to use hydra to bypass the blacklist. I know I can use Python and modify headers to bypass that. But maybe hydra has an automatic mechanism to do this. I didn’t find it in the documentation.

Thanks in advance