关联漏洞
描述
In this repository you will find the technical report of Nibbles, the exploit to abuse the CVE-2015-6967 and an autopwn tool in case you want to resolve the machine in HackTheBox
介绍
# HTB_Nibbles
In this repository you will find the technical report of Nibbles, the exploit (pwned.py) to abuse the CVE-2015-6967 and an autopwn tool (autopwn.py) in case you want to resolve the machine in HackTheBox.
- Pwned.py tool: This file will help you to exploit CVE-2015-6967. If you want to run this exploit you will need to satisfy 3 requirements:
- You will need to create a PHP file with a command to execute in the Nibbleblog server. For example:
\<?php
system("whoami");
?\>
- In case you want to execute a reverse shell you will need to be listening in the same port as you specified in the PHP file.
- Run the tool correctly: python3 pwned.py <base_url_nibbleblog> <nibbleblog_admin_user> <nibbleblog_admin_password>
- Autopwn.py: This file will give you root permissions of the Nibbles machine when you run it. It must meet the same 3 requirements as the previous tool.
文件快照
[4.0K] /data/pocs/8ded511f8ae98f7978079a9258ed65cdc190458c
├── [3.1K] autopwn.py
├── [2.4M] Informe Tecnico.pdf
├── [2.2K] pwned.py
└── [ 914] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。