[HTB] – Nibbles writeup

Hey guys! Today we are on Hack The Box for see Nibbles writeup. This machine, was been relatively easy compared to other machine. The web part was easy enough and the privilege escalation: “a piece of cake” 😀

Start with a simple nmap scan:

Copy to Clipboard

The result is:

Copy to Clipboard

How you can see there are two ports open: 22 for ssh service and 80 for web service. Open the browser and let’s see what’s there is. The home page is a simple “hello world”, but examining the source code, we can find a comment with a directory: “/nibbleblog/”, then open the page with “/nibbleblog/” directory:

Interesting, now open dirbuster for search new pages or directories. After a few minutes, we can see that dirbuster has found many directories, in particular the directory admin!

Let’s what’s in admin directory:

very interesting, practically there are many backend files! Looking through the files there is “/nibbleblog/admin/template/easy4/includes/sidebar.bit” that is more interesting, because in this file there is type an interesting link: admin.php. Open the page for see if there is a login page:

Yeah! We can try with direct username and password such as “admin” “admin” or “admin” “nibbles”, in fact the user is “admin” and password is “nibbles” cool! 😀 Since nibbleblog is a framework for blog, we can search if there is a CVE, then, in terminal, type:

there is also a metasploit module, that is for 4.0.3 version as the blog! Then open msfconsole and use this module:

Copy to Clipboard

as payload use this:

Copy to Clipboard

Now we must setup the options:

Copy to Clipboard

Yeah! Now we spawn a bash shell with this simple command:

Copy to Clipboard

and get the user.txt:

Perfect! Now let’s go with privilege escalation. First step type “sudo -l” for see if we have permission for use sudo, in fact we can use this script with root permission:

Copy to Clipboard

Now we can modify this script writing “sh” at the bottom, then run it:

Copy to Clipboard

Yeah, now we are administrator of Nibbles 😀

Recent Comments

    Recent Tweets

    For privacy reasons Twitter needs your permission to be loaded.
    I Accept

    About the Author:

    Leave A Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.