NIbbles

@dvnv @jc1396 Same here. I’m sure we’re all trying the same types of things, and probably very close to getting it.

Oh well, i dont know if were close enough to get that root hash. the others says that it is the same with bashed machine :slight_smile:

hint about default user and pass ?

@paytaktr said:
hint about default user and pass ?

ok. i found :slight_smile:

Hi,
I have successfully logged in, but I can’t seen to get shell on the machine, can anyone throw a hint or at least direction what to look for? it should be done by lfi? thanks.

Need help with the SQLi

@dvnv same here

How can I find the default user and password? I stuck here for a week :anguished:

For those that saw “unable to resolve host Nibbles: Connection timed out” when running a command, you can ignore it. The command still runs but thows the warning because the hostname is Nibbles, and the hosts file is missing that entry.

Hi,
Im new here and its great - something new for me. I hve question about pwd - I was lucky and found username/password combination. It’s there some other way to find that combination or just guessing? I want an answer only with yes/no. Thanks.

@blackangel said:
Hi,
Im new here and its great - something new for me. I hve question about pwd - I was lucky and found username/password combination. It’s there some other way to find that combination or just guessing? I want an answer only with yes/no. Thanks.

Not to my knowledge, but this kind of login combo is a recurring theme on this site :slight_smile:

Great, thank you.

Hi all, i got the user, but can’t have the root. can someone help me pls ?

Hey for those that have been struggling with the login credentials.

If you run the tool cewl to generate the password list from http:///nibbleblog/, then cleanup the data (remove things that are obviously not going to be the passwords). Take the remaining data and convert string to upper and lower case. You should be able to find the password. The login credentials can easily be found by enumerating sub directories using your favorite tools for finding content (burp spider worked for me) and searching the files for clues.

Note, it looks like people are changing the password periodically, so if the password doesn’t hit. Maybe a reset on the box is needed if you don’t find it during your first pass.

I hope this helps anyone that is still struggling with this box.

Regards,
DJ

pm me if u want help, but for anyone looking for root, upload and run linenum.sh as usual, maybe it turns up somin fishy?. Also, make use of the what u got :slight_smile:

Having issues still, got the user.txt. I tried to enumerate and look at cronjobs and permissions for running commands. Am I on the right track looking for commands I can run? I already got a shell out of the box but cant get root or admin access. So with an unprivileged account is looking at file directories in detail a good approach?

@“HeiGou黑狗” said:
Having issues still, got the user.txt. I tried to enumerate and look at cronjobs and permissions for running commands. Am I on the right track looking for commands I can run? I already got a shell out of the box but cant get root or admin access. So with an unprivileged account is looking at file directories in detail a good approach?

i would say ‘enumerate enumerate enumerate’, but that always pisses me off xD, try and find a file maybe, which can pop as root? pm for more info

Spoiler Removed - Arrexel

oh , i did it, but i’am stuck to getting the root ./ any hint ?

@Ju577Ry explore the file system, see if you can find anything interesting to run. (PM me if you want less subtlety)