Whitelist: Nibbles

NIBBLES

- Layout for this exercise:

1 - INTRODUCTION

- The goal of this exercise is to develop a hacking process for the vulnerable machine Nibbles, what is a retired machine from the Hack the Box pentesting platform:

https://www.hackthebox.eu

2 - ENUMERATION

- Nibbles machines's IP is 10.10.10.75:

- Scanning with Nmap, there are just two open ports 22 and 80:

- Scanning deeper:

- Browsing the web page:

- Viewing the source it seems that there is a folder called /nibbleblog:

- Same result with curl:

- Connecting to /nibbleblog it results to be a blogging platform:

- Dirbusting /nibbleblog:

- Dirbusting for files with extensions .php:

- So we have found directories like /admin, /content, /languages and files like admin.php, feed.php, install.php, sitemap.php, update.php

- Let's examine some of the files and directories found with dirb.

- admin.php provides a login form:

- feed.php:

- install.php:

- update.php show that the version used is Nibbleblog 4.0.3 "Coffee":

- sitemap.php:

- /content:

- Going to /nibbleblog/content/private/users.xml we find the username admin:

- /languages:

3 - EXPLOITATION

- CVE-2015-6967 informs about the vulnerability found at Nibbleblog for versions before 4.0.5 (as seen before Nibbles uses versions 4.0.3):

- Metasploit provides a module to exploit this vulnerability:

- Using this module we get a Meterpreter session, passing the parameters username admin (discovered at users.xml) and password nibbles (just guessed):