Nibbles

Hey guys,
it’s my first week here. I’ve been working on nibbles since yesterday and found the credentials… I was logged in 2 times. But after a reset it doesn’t work anymore. I can send anyone the credentials to verify it.

@Skullsec said:
SPOILER! SPOILER! SPOILER!

Someone help me how to fix this f*cking problem:

This exploit may require manual cleanup of ‘image.php’ on the target

Thanks.

I hate to be the dude that says reset… But you are gonna want to reset the box

Anyone got any further hints on initial pw? I’m sure it’s staring me in the face, but it’s driving me nuts

@gorias said:
Anyone got any further hints on initial pw? I’m sure it’s staring me in the face, but it’s driving me nuts

You can guess the password with all the information you have so far!

Got it - It really is obvious

I tried a lot, I can’t get it. What is the user name? Help me

@PinkPanther said:

@Skullsec said:
SPOILER! SPOILER! SPOILER!

Someone help me how to fix this f*cking problem:

This exploit may require manual cleanup of ‘image.php’ on the target

Thanks.

I hate to be the dude that says reset… But you are gonna want to reset the box

I solved that and cat root.txt, but thanks to your answer…

@Skullsec

Was the issue rebooting? I had the same cleanup issue, tried the reset but no dice

Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

@msshtb said:
Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

What is the question?

@Skullsec said:

@msshtb said:
Anyone around to message a quick question or two? I feel like I have what I’m looking for. Just need to clear up something.

What is the question?

Thanks, but I got to the next step! Appreciate it.

So I started working this box last night. I easily guessed the first password. Dirbuster didn’t find anything that stuck out, so now I’m not sure if I should be finding something on the site to establish an ssh username or exploiting the site itself. Not really sure if I want hints or am just using this post to vent my frustrations.

So I finally got a ‘shell’ but it is pretty shady and won’t let me complete actions that I should be able to complete. User.txt done, root.txt to go!

I am logged into the site, but I’m hitting a brick wall now. Any hints for my next step?

@treadstone said:
I am logged into the site, but I’m hitting a brick wall now. Any hints for my next step?

You’ll need the username and pass outside the site haha… if you need another hint, PM me…

How’s everyone getting on with root on this box? Any hints would be nice

@gorias said:
How’s everyone getting on with root on this box? Any hints would be nice

Not going to lie, the initial “password guessing” had me in all sorts of wtf, but the priv esc is extremely straightforward.

As previously stated, some basic enumeration will bring up something fishy

That password lol!!! I did get FFS after I logged in.

Meh, it’s easy, all about enumeration

@hartkon said:
This machine retired Blue. It’s very easy to get user. Try not to overthink and get a “default” point of view.

Tried everything but can’t seem to find what everyone is talking about. I have tried not to overthink