Nibbles

@antione09 said:
I got the creds for the login page, however, I am kinda stuck how to pivot from there. Can someone PM some tips?

What did you log in to? Maybe that’s exploitable.

Nibbles is easy; forget what you read on the net. The shell is very simple for both user and root. For root you just need to think slightly differently. The sec video is not going to help you get root, but it’s very similar, just use another type of shell. :wink:

@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?

It’s staring you right in the face.

Can anybody tell me what I can do with monitor.sh? I tried my best.

You haven’t tried your best. Think of other ways to do what you’re exactly trying to do.
It’s super simple to root (I wasted a few days nonetheless) and try basic stuff, just do it differently, no outside the box thinking either.
Also, I think there is something wrong about this box, I tried the SAME stuff the first time around didn’t work and probably the 15th time I tried it gave me a different output. All in all I learnt something so that’s good but I really hope no one else faces the same lol. On to the next box.

For the life of me, I cannot find the login credentials. I tried all default combinations I could find, used CEWL to create a custom word list, nothing works. I tried all the obvious combinations on the site, but am really stuck. Can someone PM me a hint?

I am just not able to utilize monitor.sh. Tried to display the imp contents but it says permission denied. Also keep on getting error
: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

Any pointers?

@Mumbles said:
For the life of me, I cannot find the login credentials. I tried all default combinations I could find, used CEWL to create a custom word list, nothing works. I tried all the obvious combinations on the site, but am really stuck. Can someone PM me a hint?

Never mind. I am a giddy-goat.

@LHM said:
I am just not able to utilize monitor.sh. Tried to display the imp contents but it says permission denied. Also keep on getting error
: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

Any pointers?

It seems that you need some basic knowledge.
You would get root if you have watched ippsec videos on YouTube.
Researching more things is good for you.

@LHM said:
I am just not able to utilize monitor.sh. Tried to display the imp contents but it says permission denied. Also keep on getting error
: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

Any pointers?

I rooted this machine yesterday.
Read about tty and how you can spawn one when needed. It is also good to know why it is needed.
Regarding monitor.sh - do you really need to display it? Is its original content really important?

I keep getting ‘This exploit may require manual cleanup of ‘image.php’ on the target’ when I try the nibbleblog exploit. Already tried resetting it, did not help.
Any idea what else I can do?

I just managed to get root.txt but I am not sure that was the intended way of getting it. I don’t want to post it here and spoil it for others. Can I PM somebody just to clarify?

@Ju577Ry said:
I’m stuck here, guys. I need help.

[*] Started reverse TCP handler on (my IP):4444
[!] This exploit may require manual cleanup of ‘image.php’ on the target
[*] Exploit completed, but no session was created.
msf exploit(nibbleblog_file_upload) >

Hi @Ju577Ry,

I’m stuck there. Any hint how you fix the problem?

Thanks! :slight_smile:

Can anyone help? I am appending a command to a script and get the error below. Someone stated that the script still runs but I do not see my root.txt.

unable to resolve host Nibbles: Connection timed out
no tty present and no askpass program specified

Hello, I believe I am pretty close to getting root, helped by the hints around.
May I PM anyone to discuss my idea of obtaining root.txt a bit?

I got reverse shell access but none of the Linux commands work except for cd and ls. It always gives me the ‘unknown command’ error. Should I reset the machine or is this expected?

I am able to log in to the admin panel but not able to proceed ahead. Tried to upload a PHP script to verify for command injection, but it looks like I am not able to upload it correctly. It is being uploaded as XML and not PHP. Any hints?

@minhhungvn said:
I got reverse shell access but none of the Linux commands work except for cd and ls. It always gives me the ‘unknown command’ error. Should I reset the machine or is this expected?

I would attempt a reset. I did not experience the same issue that you are seeing.

Spoiler Removed - Arrexel

Got the shell :slight_smile: