Nibbles

The fact that there is no single post about Nibbles makes me feel even more stupid but whatever… I need help.
I kind of know what the vulnerability is but can't find login details for the blog.
Can anyone point me in the right direction please?
Thanks

This machine retired Blue. It's very easy to get user. Try not to overthink and get a “default” point of view.

@TheCanisLupus said:
The fact that there is no single post about Nibbles makes me feel even more stupid but whatever… I need help.
I kind of know what the vulnerability is but can't find login details for the blog.
Can anyone point me in the right direction please?
Thanks

■■■, spoken my words.

Any hints on root?

Please give some hint on Nibbles root.

Do something simple, with something provided to you, to access root.txt

Just enumerate the system as always… you can see those methods on some ippsec videos…

Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

@hartkon said:
Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

Reset the machine and try again… :wink:

@hartkon said:
Hello. Yesterday I was able to exploit the machine and get a meterpreter running. Today it seems like the credentials are changed?

Did a reset fix your issue? Because the same thing happened to me. I got the password, now it’s not working even after a reset.

Hi guys. I know the vulnerability etc. but tbh I can’t find the “obvious” credentials as you refer to not “overthink” here… pls god I just need this small piece of info :frowning: any hints here?

@larry said:
Hi guys. I know the vulnerability etc. but tbh I can’t find the “obvious” credentials as you refer to not “overthink” here… pls god I just need this small piece of info :frowning: any hints here?

If you have found the login page and know what it's for, you will figure it out.

As for root, run linenum.sh (as you should always do anyways) and the rest is as easy as making lemonade…wait…I take that back. It’s MUCH easier than making lemonade.

Well, I have found the login page and I already tried several creds… not overthinking made me google, but I didn’t find any defs… I checked the requests for stuff, nothing…

I know as soon as I have the creds it’s a piece of cake… :frowning:

Unfortunately there are no default creds to try. I found it difficult because of something I did wrong. Having said that, once I found it, I had to slap myself for missing it. Instead of “Try Harder” it should be “Try Easier” - sometimes we overcomplicate the problem 'cause it can’t be that easy…

All I tried to get the password ends up in the blacklist…

@peek said:
All I tried to get the password ends up in the blacklist…

Same problem here… Don’t know how to “Try Easier” yet… pfff

I found it finally, it was in front of me.

@peek any hint?
I am fed up with this msg “Nibbleblog security error - Blacklist protection” and did go through all files on the server and GitHub.

I think I have found all I need, but I need a hand to use this! Can someone help me?

Finally got user and root :slight_smile: