[HackTheBox] Nibbles

This box didn’t require any reconnaissance since I looked at the home page of the website and knew exactly what was to be done.

Nibbleblog has a very clichéd RCE that only requires some credentials, which I hoped to guess.

admin:nibbles worked.

After that it was the most basic exploit.

Now let's work on privilege escalation.

Privilege Escalation:

This file was owned by me, hence I could edit it.

PWNED!!

Apart from the guessing part, this was pretty easy.
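The privilege escalation step above came down to a file being owned, and therefore editable, by the low-privileged user. As an added example (not part of the original write-up), this defender-side check flags that condition for any file that is run with elevated privileges; the function name, the trusted UID list and the sample file are assumptions, and the paths to audit have to come from your own inventory of privileged jobs.

```python
import os
import stat


def audit_privileged_file(path, trusted_uids=(0,)):
    """Return reasons why `path` is unsafe to run with elevated privileges."""
    findings = []
    real = os.path.realpath(path)  # follow symlinks to what actually runs
    # Check the file and its parent directory: write access to the directory
    # lets a user replace the file even when the file itself is locked down.
    for target in (real, os.path.dirname(real)):
        try:
            st = os.stat(target)
        except FileNotFoundError:
            # A missing target can be created by whoever can write its parent.
            findings.append(f"{target}: does not exist")
            continue
        if st.st_uid not in trusted_uids:
            findings.append(f"{target}: owned by untrusted uid {st.st_uid}")
        # The sticky bit on a directory stops non-owners replacing entries.
        sticky = stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_ISVTX)
        if st.st_mode & stat.S_IWOTH and not sticky:
            findings.append(f"{target}: world-writable")
        if st.st_mode & stat.S_IWGRP and not sticky:
            findings.append(f"{target}: group-writable (gid {st.st_gid})")
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a script left writable by every user on the host.
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "job.sh")  # hypothetical file name
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(script, 0o777)
        for line in audit_privileged_file(script):
            print(line)
```

An empty result means neither the file nor its directory can be modified by anyone outside `trusted_uids`; group-writable findings still need a manual look at who is in that group.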


To hack the world, first you need to make coffee

Siddharth Johri
