NIbbles

c60cb859 · May 18, 2018, 8:50am

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

What can you find?

GhostCat · May 18, 2018, 4:38pm

@c60cb859 said:

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

What can you find?
all the directories keep changing but most recently i was able to find image.php.

krxxp · May 18, 2018, 6:28pm

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

Did you get a shell?

GhostCat · May 18, 2018, 9:15pm

@xdaem00n said:

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

Did you get a shell?

image.php looked like shell but cannot execute any linux commands. Apart from that i found monitor.sh

RedHood · May 18, 2018, 10:30pm

Hello! I think I have a problem. When I thought I’m logged in the application, the web throws: “Nibbleblog security error - User not logged”. I’ve tried to change the params but nothings happens. Somebody could help me?

tang0charlie · May 18, 2018, 10:35pm

Spent half a day and so so frustrated with the admin panel. I saw the earlier messages and tried everything that I could think of! No matter what I try it won’t take it Can someone please DM…I am just tired now!

tang0charlie · May 18, 2018, 10:50pm

@tang0charlie said:
Spent half a day and so so frustrated with the admin panel. I saw the earlier messages and tried everything that I could think of! No matter what I try it won’t take it Can someone please DM…I am just tired now!

Never mind! Got it

c60cb859 · May 19, 2018, 5:07am

@GhostCat said:

@xdaem00n said:

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

Did you get a shell?

image.php looked like shell but cannot execute any linux commands. Apart from that i found monitor.sh

You should get a shell where you can execute commands, like ls and whoami

tang0charlie · May 19, 2018, 9:23am

Is there any telegram group of HTB users?

mxchai · May 19, 2018, 3:23pm

I’ve read through the whole thread but still couldn’t log into the web application. If anyone could give me some hints, please PM me. Thanks.

mxchai · May 19, 2018, 3:29pm

I managed to find the default login. Sorry for posting too hastily.

GhostCat · May 19, 2018, 5:25pm

@c60cb859 said:

@GhostCat said:

@xdaem00n said:

@GhostCat said:

logedIn. enumerated directories. but cant find user.txt. any Hint ?

Did you get a shell?

image.php looked like shell but cannot execute any linux commands. Apart from that i found monitor.sh

You should get a shell where you can execute commands, like ls and whoami

got shell and user.txt. Thanks

GhostCat · May 19, 2018, 7:41pm

any hints on prev-esc? got results for LinEnum.sh

Arch1tect · May 19, 2018, 8:43pm

If anyone needs help with this pm me.

Jukz · May 21, 2018, 3:36am

Can anyone give me hints on the priv esc part? Thanks!

ghroot · May 21, 2018, 6:30am

I couldn’t upgrade shell. Can anyone give me little hint about that? (I think the solution doesn’t include python.Am I right?)

T3jv1l · May 21, 2018, 4:51pm

@ghroot @Jukz @SiegeMinion hint search in google nibbles

Jukz · May 21, 2018, 4:55pm

@T3jv1l said:
@ghroot @Jukz @SiegeMinion hint search in google nibbles

I already rooted yesterday. Thanks tho!

huwwp · May 22, 2018, 4:44am

Has someone reset the password on this? I don’t have any resets left.

Wedde · May 22, 2018, 8:02pm

I am kinda lost, after running LinEnum and finding a file with root privilege i have no idea how to procede after that, anyone got a link on what to try after that?