Nickel 🔸

Enumeration

DevOps dashboard on port 8089

Initial Access

These options call port 3333 and get an invalid token response, but if we change the request to POST, we get a response.

Password is in base64 -> NowiseSloopTheory139

Get the flag

Privilege Escalation

Get pdf from ftp

It's protected, so we use pdf2john and john.

Using netstat we can see that there is a port 80 open on the inside.

Port forward using ssh

Using the commands from the PDF.

Let's put a reverse shell

Post Exploitation

Get the flag