NIbbles

imaginarybit · June 15, 2018, 3:37am

Anyone need hits (not answer), just PM me. :lol:

shane2483 · June 15, 2018, 4:21am

@imaginarybit said:
Anyone need hits (not answer), just PM me. :lol:

PMd!

shane2483 · June 15, 2018, 4:46am

I’ve found the appropriate file (XXXXXXX.sh) just dont know how to get priv esc from it. helppppppppppp please.

Alexander1212 · June 15, 2018, 8:58am

can anyone help me about notes.txt and hype_key . i couldnt understand what that means

Alexander1212 · June 15, 2018, 9:01am

nibbleblog default credentials isnt working for me

shane2483 · June 15, 2018, 1:33pm

So I can not spawn a TTY shell and keep getting errors when I run sudo command.
I have tried every Spawning method on several sites.

when I try to spawn a TTY

can’t access TTY job control turned off

When I run sudo: (i assume because i dont have TTY)

: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified

Im at the very end. Going on my third day and just cant get this .sh file to play nicely.

shane2483 · June 16, 2018, 3:05am

What an emotional few days ha. But I finally have root access. If anyone needs help please ask. Thanks to all who gave me some hints

bore1971 · June 16, 2018, 6:03pm

I have tty full interactive but still can’t get root. any help?

bore1971 · June 16, 2018, 8:03pm

A first ctf and linux noob got root.

me: I AM A GOOOOOD!!!

wife: Get your ■■■ out here and help me bring in the groceries!

bLueF0x · June 16, 2018, 8:12pm

@bore1971 said:
A first ctf and linux noob got root.

me: I AM A GOOOOOD!!!

wife: Get your ■■■ out here and help me bring in the groceries!

PM me need your help on the root flag

AikiGage · June 16, 2018, 11:51pm

I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

TheRealHooz · June 17, 2018, 2:15am

@AikiGage said:
I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

AikiGage · June 17, 2018, 2:29am

@TheRealHooz said:

@AikiGage said:
I could use some help in just getting the Nibbleblog credentials. I’m definitely overthinking them and getting blacklisted a lot.

The one hint that helped me was think default usernames and think of an unsecure password from the phrases or words you have already seen on the website. Remember UNSECURE this is a dumb user.

Got it! Thanks all!

melka · June 17, 2018, 9:36pm

Second box and just got root, feel free to PM if you need help

dodo · June 17, 2018, 10:35pm

■■■! people keep changing the default creds!!!

@mrb3n you should disable the functionality. It’s useless and annoying

FrostMorn21 · June 18, 2018, 2:09am

so found the directory and probably the “login page” but I really dont know if it Is and if it is I keep getting black listed any hints?

L0s3r · June 18, 2018, 5:17am

got root, nice box

Aijaz · June 18, 2018, 7:22am

@Aijaz said:

@Aijaz said:
Hi, I am new on the HTB.

I have logged in to the admin panel and trying to upload the shell, but I am not getting any reverse connection. I have opened ports on my router also, but still I am not getting any reverse connection. I have tried 3-4 different payload but still nothing. Can some give me a hint.

Never Mind…I have got the access…it was a silly mistake from my side…now for user.txt

EDIT 1 :- Got the user.txt…on to root flag…I have no idea on how to process further,am stuck. Can some help me.

Finally got the root flag…

bLueF0x · June 18, 2018, 8:31am

got ROOT

Wiamly · June 18, 2018, 5:07pm

Wow, Dirbuster showed me the shell after someone else exploited it and I got User without even trying. Looking back I understand it, but I don’t know the credentials or anything as I literally just navigated to the shell location and grabbed the flag. Any help?