Nibbles Write-up by Stevv

My Nibbles write-up: Hack the Box: Nibbles Writeup - Steffin Stanly
I hope you enjoy it

Just a bit of feedback.

  1. Don’t include the content of the user.txt or root.txt in your write up. This will encourage people to actually do something to get the flags rather than just C&P from your write up.
  2. Make your goal to be getting root user, rather than your goal being to get root.txt. This way it’s a real world transferable skill. In your example you cat root.txt in to the shell script, but why not put something like su in there instead?
  3. Try to understand what metasploit is doing and replicate that so that you’re not relying on metasploit to do the work for you. I’ve found that doing this myself, I’ve learnt a hell of a lot.

Very good work though. It reads well.

@Largoat totally agree with you, I prefer to try and use scripts / netcat / manually inject the payload / etc… instead of relying on metasploit / meterpreter, you learn a hell of a lot more that way. Same thing with the flag, it’s more interesting to get a root shell, the hash is only useful here on htb but not really anywhere else.
FYI, I copied su over monitor.sh, ran it and got root.