Nibbles

Found it. Thanks dear player who helped me via message.

Anyone able to DM a hint for the tty issue? Tried most standard ways to break. Shell is through meterpreter with known exploit for the web service and I know what I need to run (at least I think so).

lol a linux admin with over 8 years in the industry here trying to get into infosec. Embarrassing that I can’t figure out a default password. Can somebody help?

@npsoni use cewl. don’t think default, think bad practice

I’m really struggling with getting root… It’s a bit discouraging :anguished: I’ve been reading up on multiple articles involving methods to “abuse” the file in question but I just can’t seem to do it. Could someone perhaps shoot me a PM and help me out a little bit?

If somebody needs some help without expecting spoilers, feel free to DM me.

I’m a muppet. Got root.

Logged in. Enumerated directories, but can't find user.txt. Any hint?

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

What can you find?

@c60cb859 said:

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

What can you find?

All the directories keep changing, but most recently I was able to find image.php.

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

Did you get a shell?

@xdaem00n said:

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

Did you get a shell?

image.php looked like a shell but cannot execute any Linux commands. Apart from that I found monitor.sh

Hello! I think I have a problem. When I thought I was logged in to the application, the web throws: “Nibbleblog security error - User not logged”. I’ve tried to change the params but nothing happens. Could somebody help me?

Spent half a day and so so frustrated with the admin panel. I saw the earlier messages and tried everything that I could think of! No matter what I try it won’t take it :anguished: Can someone please DM…I am just tired now!

@tang0charlie said:

Spent half a day and so so frustrated with the admin panel. I saw the earlier messages and tried everything that I could think of! No matter what I try it won’t take it :anguished: Can someone please DM…I am just tired now!

Never mind! Got it :slight_smile:

@GhostCat said:

@xdaem00n said:

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

Did you get a shell?

image.php looked like a shell but cannot execute any Linux commands. Apart from that I found monitor.sh

You should get a shell where you can execute commands, like ls and whoami

Is there any telegram group of HTB users?

I’ve read through the whole thread but still couldn’t log into the web application. If anyone could give me some hints, please PM me. Thanks.

I managed to find the default login. Sorry for posting too hastily.

@c60cb859 said:

@GhostCat said:

@xdaem00n said:

@GhostCat said:

Logged in. Enumerated directories, but can't find user.txt. Any hint?

Did you get a shell?

image.php looked like a shell but cannot execute any Linux commands. Apart from that I found monitor.sh

You should get a shell where you can execute commands, like ls and whoami

got shell and user.txt. Thanks :slight_smile: