NIbbles

I know the exploit, I have not been able to even see or to get to a 'log in" page after multiple tries of setting the username and password as different things for Metasploit. (delete if spoiler) please, any hints?

never mind, got the login page, just not sure where to go from here

fuck cant get the root.txt :frowning:

No matter which shell I try, I keep getting “This exploit may require manual cleanup of ‘image.php’ on the target”. Am I missing something here?

i found what i need to find to get root.txt… clearly should be able to use it to elevate. however, when trying to utilize what i found with the proper permissions, i’m seeing this:

“: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified”

any ideas here? nothing i’ve been able to do, reading up on ttys, has been able to get this to work.

I tried the solution multiple times and then spent time in a rabbit hole. When I went back to the original solution is worked.

@dvnv said:
i found what i need to find to get root.txt… clearly should be able to use it to elevate. however, when trying to utilize what i found with the proper permissions, i’m seeing this:

“: unable to resolve host Nibbles: Connection timed out
: no tty present and no askpass program specified”

any ideas here? nothing i’ve been able to do, reading up on ttys, has been able to get this to work.

Same here…WTF?

@dvnv @jc1396 Same here. I’m sure we’re all trying the same types of things, and probably very close to getting it.

Oh well, i dont know if were close enough to get that root hash. the others says that it is the same with bashed machine :slight_smile:

hint about default user and pass ?

@paytaktr said:
hint about default user and pass ?

ok. i found :slight_smile:

Hi,
I have successfully logged in, but I can’t seen to get shell on the machine, can anyone throw a hint or at least direction what to look for? it should be done by lfi? thanks.

Need help with the SQLi

@dvnv same here

How can I find the default user and password? I stuck here for a week :anguished:

For those that saw “unable to resolve host Nibbles: Connection timed out” when running a command, you can ignore it. The command still runs but thows the warning because the hostname is Nibbles, and the hosts file is missing that entry.

Hi,
Im new here and its great - something new for me. I hve question about pwd - I was lucky and found username/password combination. It’s there some other way to find that combination or just guessing? I want an answer only with yes/no. Thanks.

@blackangel said:
Hi,
Im new here and its great - something new for me. I hve question about pwd - I was lucky and found username/password combination. It’s there some other way to find that combination or just guessing? I want an answer only with yes/no. Thanks.

Not to my knowledge, but this kind of login combo is a recurring theme on this site :slight_smile:

Great, thank you.

Hi all, i got the user, but can’t have the root. can someone help me pls ?