HTB-Nibbles Writeup (OSCP prep)

<h1>Introduction</h1> <p>Following the <a href="https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#" rel="noopener ugc nofollow" target="_blank">NetSecFocus Trophy Room</a> list, here are the information and steps for the machine Nibbles.</p> <p><img alt="" src="https://miro.medium.com/v2/resize:fit:535/1*wCLil8lTfeut9QFI_Vc0LA.png" style="height:475px; width:486px" /></p> <h2>Information</h2> <ul> <li>Victim IP: 10.10.10.75</li> <li>Attack IP: 10.10.16.5</li> </ul> <h2>Vulnerability description</h2> <ul> <li>Nibbleblog is vulnerable to CVE-2015-6967.</li> <li>The website uses a weak password.</li> <li>The permissions on monitor.sh are improperly configured.</li> </ul> <h1>Attack Steps</h1> <h2>Enumerate</h2> <p>Use the command `rustscan -u 5000 -a 10.10.10.75 -- -sVC -oN tcp.txt` to scan for open TCP ports; the arguments after `--` are passed to nmap, which collects detailed service information and writes it to tcp.txt.</p>
Tags: HTB Nibbles