I’ve done harder machines than this, I know it, but I can’t seem to get passed the first steps on this either, can someone PM me a hint so I can facepalm hard?
@fhlipZero said:
do something simple, with something provided to you, to access root.txt
Please give one more hint.
@agnarus said:
@peek any hint?
i have fed up this msg “Nibbleblog security error - Blacklist protection” and did go through all files on server and github
I did the same, I went through all and everything >.< heeeelp pls
@larry said:
@agnarus said:
@peek any hint?
i have fed up this msg “Nibbleblog security error - Blacklist protection” and did go through all files on server and githubI did the same, I went through all and everything >.< heeeelp pls
hint: guest it.
@Farmer789 said:
@fhlipZero said:
do something simple, with something provided to you, to access root.txtPlease give one more hint.
some files may have permission to execute
At first I was stuck on the first “default” thingy, I did even checked “seclist github” for it. Guys, the thing you are looking for, is not something in world’s default, but here in hackthebox.
i confess, i gained access to admin page, but I don’t know how to get access to root or user.txt. Some tips?
@Skullsec said:
i confess, i gained access to admin page, but I don’t know how to get access to root or user.txt. Some tips?
we cant answer without spoiling
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?
@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?
In HTB, the names of the machines always means something…
aaaaaaaaaaaaaaaah… got it
@Skullsec said:
@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?In HTB, the names of the machines always means something…
I know what a nibble is, but I have no clue how I can “guess” the password with that…
@larry said:
@Skullsec said:
@mercwri said:
I must be missing an obvious reference on the login credentials or something, are they literally spelled out somewhere or is there a clue/reference that should lead you to determine them?In HTB, the names of the machines always means something…
I know what a nibble is, but I have no clue how I can “guess” the password with that…
Think more obvliously… the username is world “default”, the pass is HTB “default”…
If that’s not a spoiler then idk what is. It’s tough to give a hint for this part of the box without completely giving things away =/
yeah well htb default means nothing for me because this is my first box… How do I know any htb defaults … fml
It’s not really a “default” exactly, it’s just something that’s commonly done on this site it seems like
Were we supposed to use ssh at all for this challenge?
@larry said:
yeah well htb default means nothing for me because this is my first box… How do I know any htb defaults … fml
Use everything you know about the machine in HTB…For now, you don’t need to search outside HTB…
If you REALLY think you have the credentials try a reset.
I went back over my notes and I noted I’d already tried the correct credentials but they had triggered a blacklist notification, I reset and re-hit my notes and one of my first attempts let me in this time…
Any tips on password credentials? Dirbusted the ■■■■ out of it. Found the username and the login page but no clue on the password…