Enumeration
I scanned the ports with the nmap command. It found two ports, 22 and 80.

I examined the HTTP server on port 80.


I scanned directories with gobuster. There are valuable directories. I looked at all the directories that return 200.

Initial Foothold
/README file

I searched whether this version of nibbleblog is vulnerable or not. Luckily, I found an exploit.
https://github.com/dix0nym/CVE-2015-6967

I created a shell payload to use as a webshell.

I ran the exploit script. The exploit uploads shell.php as image.php. I ran the command on the webshell.


I prepared a reverse shell payload and executed it over the webshell. I got the user flag.



Privilege Escalation
After the sudo -l command, I understood what I could do with monitor.sh and injected a bash command into the sh file. I got the root flag.
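
A defender-side check for the weakness used in this step, as an added example that is not part of the original write-up: it parses sudo -l output and flags any allowed command whose file or parent directory can be changed by an account other than root. The sample output, the /opt/constructed/monitor.sh path, the user and host names, and all function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of `sudo -l` output (not taken from the write-up).
SAMPLE = """Matching Defaults entries for svc on host:
    env_reset, mail_badpass

User svc may run the following commands on host:
    (root) NOPASSWD: /opt/constructed/monitor.sh
"""

# "(runas) TAG: TAG: cmd, cmd" lines as printed by `sudo -l`.
RULE = re.compile(r"^\s*\((?P<runas>[^)]+)\)\s*(?:[A-Z_]+:\s*)*(?P<cmds>.+)$")

def sudo_targets(sudo_l_output):
    """Return (runas, path) for every absolute command path in the output."""
    targets = []
    for line in sudo_l_output.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        for cmd in m.group("cmds").split(","):
            words = cmd.split()
            if words and words[0].startswith("/"):
                targets.append((m.group("runas"), words[0]))
    return targets

def weak_points(path, extra_trusted_uids=()):
    """List reasons an untrusted account could change what runs at path."""
    trusted = {0} | set(extra_trusted_uids)
    reasons = []
    # The file and its parent directory: a writable parent lets the file be
    # replaced, or created when the sudo rule points at a missing file.
    for p in (path, os.path.dirname(path)):
        try:
            st = os.stat(p)
        except FileNotFoundError:
            continue
        if st.st_uid not in trusted:
            reasons.append(f"{p}: owned by uid {st.st_uid}")
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
            reasons.append(f"{p}: group/world writable")
    return reasons

def audit(sudo_l_output, extra_trusted_uids=()):
    """Map each sudo-allowed path to its weak points; empty dict means clean."""
    found = {p: weak_points(p, extra_trusted_uids) for _, p in sudo_targets(sudo_l_output)}
    return {p: r for p, r in found.items() if r}
```

Feed it the text of sudo -l -U <account> collected as root for each account; any path it reports should be made root-owned and not writable by others, or the sudo rule removed.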


