PasteNow logo
PasteNow logo

HTB-Nibbles Writeup (OSCP prep)

Introduction

Referring to NetSecFocus Trophy Room, here is the information and steps for the machine, Nibbles.

Information

  • Victim IP??? 10.10.10.75
  • Attack IP??? 10.10.16.5

Vulnerability description

  • Nibbleblog is vulnerable to CVE-2015–6967.
  • The website is using weak password.
  • There is an issue with improperly configured permissions for the monitor.sh.

Attack Steps

Enumerate

Use command `rustscan -u 5000 -a 10.10.10.75 — -sVC -oN tcp.txt` scan the open tcp port and use nmap scan service detail information.

Visit Now

Tags: HTB Nibbles

More to read

Related posts

Nov 4, 2023

HTB-Granny Writeup.

As you can see, we see a file called extractPorts.py that is a python customized file to extract ports as its name say, specifically for grepable…

Latest

Recent posts

May 5, 2026

Fire Protection in UAE

https://www.evora-fireproofing.com/what-factors-increase-the-importance-of-fire-protection-coating-for-a-business/ Ensure the top level of Fire Protection in UAE with Evora Fire Protective Coating! We offer world-class services that will help you protect your…

May 5, 2026

Did a search on Google and found this page at no.1. Congratulations. Great post and keep it up

May 1, 2026

How to Measure for Curtains

Choosing the right curtains can add privacy and style to a room. Proper measurement of your ready-made or custom window treatments is crucial so…

May 1, 2026

Top-Quailty Internet Service Provider in Nigeria

https://www.easyfie.com/read-blog/2364150_what-boosted-the-internet-reliability-in-nigeriaLooking for a premium Internet Service Provider Nigeria? Layer3 delivers consistent, high-speed broadband and enterprise connectivity tailored to your needs. Join thousands of satisfied…

May 1, 2026

Hello 123

Introducing Wavity AI: The Autonomous Incident GuardianWavity AI is not just another chatbot or rule-based engine. It’s a sophisticated, AI-driven incident response platform designed…

May 1, 2026

HELLO

Introducing Wavity AI: The Autonomous Incident GuardianWavity AI is not just another chatbot or rule-based engine. It’s a sophisticated, AI-driven incident response platform designed…

Apr 30, 2026

Dermatologist in Panchkula | Purva

Need a trusted dermatologist in Panchkula? Visit Purva Skin Clinic for expert skin care. Our team treats acne, pigmentation, wrinkles, and more. We use…

Apr 30, 2026

Professional Fund Accounting Services Ireland

Professional Fund Accounting Services Ireland provides asset managers and funds throughout Ireland with accurate, compliance financial reporting and NAV computations. For more information, you…

Apr 30, 2026

Construction Site Security Sydney

https://optimumsecurity.com.au/keep-your-construction-site-fully-secured-with-optimum-security-services/ Enhance your Construction Site Security Sydney with Optimum Security Services! Being a leading company, we offer robust security solutions to all homeowners and…