
HTB Linux Easy: Nibbles

Nibbles is an Easy rated Linux machine on HTB.

Nmap


Initial Foothold

Enumerating HTTP (port 80)

In the source of the main page we find a reference to a /nibbleblog directory.

Nibbleblog is running on the target machine.

Directory busting with Dirsearch.

Browsing the subdirectories, we find a username and a blacklist warning (so brute forcing is probably not allowed).

Since we aren't allowed to brute force the login, we can try some common credentials, in this case admin:nibbles.

On the admin page we find a version: 4.0.3.

There is a Metasploit module that we can use to gain shell access.

Select the exploit in Metasploit.

Overview of the options.

Set the options and gain a shell.

Priv Esc

Running sudo -l reveals a file that we can run as root.

Let's create the file in the appropriate directory and make it spawn a terminal on execution.
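A defender-side check for the misconfiguration used above, as an added example that is not part of the original post: it parses sudo -l output and flags rules whose target the invoking user can modify or create. The function names and the sample path are assumptions; run it as the account being audited.

```python
import os
import re
import tempfile
from pathlib import Path

# One `sudo -l` entry: "(runas) [TAG: ...] cmd[, cmd ...]"
ENTRY = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?:[A-Z_]+:\s*)*(?P<cmds>.+)$")


def sudo_commands(sudo_l_output):
    """Yield (runas, Path) for every absolute command path listed by `sudo -l`."""
    for line in sudo_l_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        for cmd in m.group("cmds").split(","):
            words = cmd.split()
            if words and words[0].startswith("/"):
                yield m.group("runas"), Path(words[0])


def user_writable(path):
    """True if the current (real) user may write to path."""
    return os.access(path, os.W_OK)


def audit(sudo_l_output, writable=user_writable):
    """Return (command, reason) for rules the invoking user can plant or alter."""
    findings = []
    for _runas, cmd in sudo_commands(sudo_l_output):
        if cmd.exists():
            if writable(cmd):
                findings.append((str(cmd), "target file is writable"))
            elif writable(cmd.parent):
                findings.append((str(cmd), "parent directory is writable"))
            continue
        # Missing target: whoever can write the nearest existing ancestor can create it.
        anchor = cmd.parent
        while not anchor.exists():
            anchor = anchor.parent
        if writable(anchor):
            findings.append((str(cmd), f"target missing, creatable under {anchor}"))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # constructed stand-in for a user's home
        sample = (  # constructed `sudo -l` output, not taken from the target
            "User demo may run the following commands on host:\n"
            f"    (root) NOPASSWD: {home}/jobs/task.sh\n"
        )
        for cmd, reason in audit(sample):
            print(f"[!] {cmd}: {reason}")
```

Any finding means the sudo rule should point at a root-owned file in a root-owned directory, or be removed.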

User.txt


Root.txt


You have PWNED


This post is licensed under CC BY 4.0 by the author.