Htb

Another one down from the Lain Kusanagi list - this time it’s Nibbles, an Easy Linux box. Classic web enumeration into authenticated RCE, with a clean sudo privesc to wrap it up. Machine info Name Nibbles Platform HackTheBox OS Linux Difficulty Easy TL;DR Nibbleblog v4.0.3 with default credentials (admin:nibbles) Authenticated file upload RCE (CVE-2015-6967) for initial shell as nibbler sudo -l reveals monitor.sh can be run as root with NOPASSWD Overwrite monitor.sh with SUID payload on /bin/bash to get root Recon RustScan + Nmap 1 rustscan -a 10.129.20.162 -- -sV -sC -Pn -A ...

Why this post exists This is the first in a series of write-ups I’m publishing as part of my OSCP preparation. The strategy is to follow the Lain Kusanagi curated list (a fork/evolution of the classic TJNull list), which selects HackTheBox machines with attack vectors and exploitation patterns similar to those found in the exam. The goal of these posts is not just to document the solution, but to consolidate what I’ve learned: each write-up is structured as a condensed pentest report - recon, enumeration, foothold, privesc and takeaways - in the same format OffSec expects in the exam. ...