I scanned the box, got two open ports and a /nibbleblog/ page…
Any hints on what I should do next…??
Did you try to find the credentials?
@enjloezz said:
Did you try to find the credentials?
You mean ssh credentials…??
@punish3r said:
@enjloezz said:
Did you try to find the credentials?
You mean ssh credentials…??
For nibbleblog admin area
I didn't find any admin area…
I used the tools nikto and dirb but didn't get any admin area…
Look at the nibbleblog GitHub page, you can find all the files
You mean the actual github page… or there is another github page in the nibbles box…??
@punish3r said:
You mean the actual github page… or there is another github page in the nibbles box…??
Someone should use Googlefu
You need to think in “default” mode.
You found a page, what could you do with that page now?
try and dirb it…
@enjloezz said:
Look at the nibbleblog GitHub page, you can find all the files
Best clue…
The password is very simple
Hints: sometimes the name of the machine will give you some hint.
privesc need help
Got root!
DM me for any hint
Hi I am Jeff. I tell my friends I am a pro sysadmin and even put it on my resume. In reality though I haven’t been able to figure out where any button other than the “next next next” button is.
Once you realize how foolish Jeff is it only gets worse. Jeff’s laziness continues to create bad security flaws. During enumeration think about how Jeff could have traded security for laziness.
After you figure that out, well the rest is semi easy, just remember seeing isn’t always believing.
Don’t be like Jeff, Jeff gets hacked.
nibbleblog |
1 - open source, so try downloading it and exploring it for credentials.
[ try lookout on source pages ]
2 - research about nibbleblog exploit to upload shell. [ the simple way ]
I found the exploit, I tried to upload but nothing
Can someone help me, I’ve guessed all combinations of words that I’ve found from browsing, I’ve looked all over the forum and the github page and still don’t have it.
@tigr8787 type just exploit and name machine