[HackTheBox] Nibbles

This box didn’t Require any reconnaissance since I looked at the home page of the website and knew exactly what was to be done.

nibbleblog has a very cliched RCE which only requires some credentials which I hoped to guess.

admin:nibbles worked.

After that it was the most basic exploit.

Now lets work on Privilege Escalation.

Privilege Escalation:

This file was owned by me hence I could edit it.

PWNED!!

Apart from the guessing part this was pretty easy.