Nibbles

@AgentTiro i dont know

Spoiler Removed - Arrexel

Spoiler Removed - Arrexel

@darthgucci i got it ty :slight_smile:

Guys, please give me the right vector. I’m trying to exploit this thing with XSS and create a post to gain access to the admin panel. Am I on the right track?

I am on the box with what I believe to be a TTY shell. I keep getting errors trying to interact with the local file I SHOULD be able to sudo without a password. Any nudges?

I am also getting the “manual cleanup of ‘image.php’ on the target” issue and I am wondering if it might not be caused by too many of us going after the same machine at the same time, resulting in corrupted/conflicting image.php files? If anyone has any suggestions on this I’m all ears/eyes.

Figured out the issue, I don’t believe it had anything to do with too many users.

I am not able to figure out what the initial user and password are. :frowning:

Happy to report I have finally, at long last, finished this one! I suppose the challenge is relatively easy. For anyone struggling, always try to remember to take a step back. Look again at how you are entering your commands; the devil, unfortunately, is most definitely in the detail here!!

Cheers guys!

@Cheetahroam said:
I am also getting the “manual cleanup of ‘image.php’ on the target” issue and I am wondering if it might not be caused by too many of us going after the same machine at the same time, resulting in corrupted/conflicting image.php files? If anyone has any suggestions on this I’m all ears/eyes.

Nope, try using different payloads in Metasploit. One works every time; the others are flaky. You just have to try them all.

@J3rryBl4nks said:
I am on the box with what I believe to be a TTY shell. I keep getting errors trying to interact with the local file I SHOULD be able to sudo without a password. Any nudges?

Removed by request - Arrexel

@J3rryBl4nks this is a spoiler, not a hint :slight_smile:

@darthgucci said:

@Cheetahroam said:
I am also getting the “manual cleanup of ‘image.php’ on the target” issue and I am wondering if it might not be caused by too many of us going after the same machine at the same time, resulting in corrupted/conflicting image.php files? If anyone has any suggestions on this I’m all ears/eyes.

Nope, try using different payloads in Metasploit. One works every time; the others are flaky. You just have to try them all.

Yep, figured it out just moments after I posted. Which serves as a good reminder to take a breath and think before acting I suppose. Thanks for taking the time to respond though, it is appreciated.

Can anyone PM me about interacting with the file on Nibbles?

@andremilke said:
I am not able to figure out what the initial user and password are. :frowning:

The user is easy to obtain: look through every file on the web.
The password you have to guess; don’t overthink it (it’s OBVIOUS).

@darthgucci said:

@J3rryBl4nks said:
I am on the box with what I believe to be a TTY shell. I keep getting errors trying to interact with the local file I SHOULD be able to sudo without a password. Any nudges?

In order to sudo, you have to take advantage of the permissions given to the file. I would Google for exploiting sudo via file permissions and read up on it. That’s how I was able to get it.

I finally got it. This is a great hint bordering on spoiler. Even knowing this though is not the solution. I had to still do a good bit of trial and error and finally realized what was happening. This is an easy box in hindsight but overlooking very tiny details made it difficult to solve for me.

@buckyball said:

@witchkingsteve said:

@J3rryBl4nks said:
I am on the box with what I believe to be a TTY shell. I keep getting errors trying to interact with the local file I SHOULD be able to sudo without a password. Any nudges?

In order to sudo, you have to take advantage of the permissions given to the file. I would Google for exploiting sudo via file permissions and read up on it. That’s how I was able to get it.

I finally got it. This is a great hint bordering on spoiler. Even knowing this though is not the solution. I had to still do a good bit of trial and error and finally realized what was happening. This is an easy box in hindsight but overlooking very tiny details made it difficult to solve for me.

Yeah! Even after reading, you still have to make sure you have the right information and make sense of what is happening. Awesome job!
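The sudo hint in the replies above (a passwordless sudo rule whose target file you can modify) can be checked mechanically rather than by trial and error. The script below is an added example and is not code from this thread or from the box itself: it parses saved `sudo -l` output, lists the NOPASSWD command paths, and reports which of them the current user can write to, or could create because the parent directory is writable. The `sudo -l` transcript, the `backup.sh`/`rotate.sh` names and the temp directory in the demo are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate sudo rules that need no
# password and report the command paths the current user can tamper with.
# Every path and the sample `sudo -l` transcript below are constructed.

# parse_nopasswd_paths: read `sudo -l` output on stdin and print the command
# path of every NOPASSWD entry, one per line. Handles the form
#   (root) NOPASSWD: /path/one, /path/two --flag
# by splitting on commas and dropping any arguments after the path.
parse_nopasswd_paths() {
    sed -n 's/.*NOPASSWD:[[:space:]]*//p' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]].*//' \
        | sed '/^$/d'
}

# writable_targets FILE: NOPASSWD command paths from FILE (saved `sudo -l`
# output) that the current user can write to. Anything you can edit and
# then run as root through sudo is a privilege escalation, whatever the
# script was meant to do.
writable_targets() {
    parse_nopasswd_paths < "$1" | while IFS= read -r path; do
        if [ -w "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# creatable_targets FILE: NOPASSWD paths that do not exist yet but whose
# parent directory the current user can write to, so the "missing" file can
# simply be created with whatever content you like. `test -w` on a missing
# path is false, which is why writable_targets alone would miss this case.
creatable_targets() {
    parse_nopasswd_paths < "$1" | while IFS= read -r path; do
        if [ ! -e "$path" ] && [ -w "$(dirname "$path")" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# demo: build a constructed `sudo -l` transcript in a temp directory with one
# writable script, one script that does not exist yet in a writable
# directory, and one system binary, then run both checks.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/scripts"
    printf '#!/bin/sh\necho backup\n' > "$tmp/scripts/backup.sh"
    chmod 755 "$tmp/scripts/backup.sh"
    cat > "$tmp/sudo-l.txt" <<EOF
Matching Defaults entries for user on host:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User user may run the following commands on host:
    (root) NOPASSWD: $tmp/scripts/backup.sh, $tmp/scripts/rotate.sh --all
    (root) NOPASSWD: /usr/bin/id
EOF
    echo "writable targets:"
    writable_targets "$tmp/sudo-l.txt"
    echo "creatable targets:"
    creatable_targets "$tmp/sudo-l.txt"
    rm -rf "$tmp"
}

# Run the constructed demo with: sh check-sudo.sh demo
# On a real host: sudo -l > sudo-l.txt; then call writable_targets sudo-l.txt
case "${1:-}" in
    demo) demo ;;
esac
```

Usage on a target is simply `sudo -l > sudo-l.txt` followed by `writable_targets sudo-l.txt` and `creatable_targets sudo-l.txt`. Note that `-w` answers for the current user, so a directory that is world-writable or group-writable via one of your groups is reported correctly, but a rule whose target is only writable by a different account you have not yet compromised will not show up.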

@LetMeO said:
Guys, please give me the right vector. I’m trying to exploit this thing with XSS and create a post to gain access to the admin panel. Am I on the right track?

So, any hints? Or should I just figure out what the password and login are?

My first HTB box and it seems tough enough at this moment. If the user login is the word “default” username, what is the “default” HTB?