Nibbles

Hello, I'm doing Nibbles and I'm already in the admin account. And now I'm really lost about what to do next. I tried many ways to exploit but I didn't make any progress. Pls help me. (Or PM me)

Google for nibble exploits

@m4rkm3n this exploit is not working… I need help

I have this error, and I chose password, targeturi and username: [-] Exploit aborted due to failure: no-access: Unable to login. Verify USERNAME/PASSWORD or TARGETURI.

Well you’re typing one of them wrong. username, password or targeturi.

@ozeren27 I know the password and I know the username, and targeturi is nibbleblog… but it's not working, why?

@T3jv1l said:
@ozeren27 I know the password and I know the username, and targeturi is nibbleblog… but it's not working, why?

For meterpreter you need to set lhost, rhost, uri, admin, password, and payload. And you need to pick the right payload.

Anyone got root? So stuck

@darthgucci lhost my IP, rhost machine IP, username axxxx, password xxxx, targeturi /nibbleblog/xxxx.php, payload php/meterpreter/reverse_tcp… Why did it not work?

@T3jv1l said:
@darthgucci lhost my IP, rhost machine IP, username axxxx, password xxxx, targeturi /nibbleblog/xxxx.php, payload php/meterpreter/reverse_tcp… Why did it not work?

Read/google the exploit, work out what it does, and do it manually. It’s a simple one.

I tried manually but I don't know what port to use for nc

@g1ant372 what extension is needed, php.jpg? Or just upload .php?

Try both and see what happens. Experiment.

I tried both… but nothing

For those of you trying to get root, once you enumerate the system you need to figure out how to exploit the interesting thing you find from the enumeration output

Also remember Google is your friend

@darthgucci I got the shell :)

@T3jv1l said:
@darthgucci I got the shell :)

good job! got r00t this morning

Could someone plz send me the login password? I had enough of bad enumerations and would like to move forward.
Thanks!

@BitsCruncher said:
Could someone plz send me the login password? I had enough of bad enumerations and would like to move forward.
Thanks!

Dude the password is literally staring you in the face…