
Nickel 🔸

Enumeration

There is a DevOps dashboard on port 8089.

Initial Access

The options on the dashboard call port 3333 and get an invalid token response, but if we change the request method to POST, we get a response.

The password is base64-encoded. Decoded: NowiseSloopTheory139

Get the flag.
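
The GET/POST difference seen on port 3333 is what an API produces when its token check is tied to one HTTP method. As an added example (not code from the target service or from this write-up), here is a constructed model of that flaw beside a hardened handler, with a regression audit a defender can run over their own routes. The route names, token value and handler functions are hypothetical.

```python
import hmac

VALID_TOKEN = "constructed-token-for-this-example"  # constructed value
METHODS = ("GET", "POST", "PUT", "DELETE")
ROUTES = ("/status", "/jobs")  # hypothetical route names

def token_ok(token):
    # Constant-time comparison; a missing token never matches.
    return token is not None and hmac.compare_digest(token, VALID_TOKEN)

def vulnerable_app(method, path, token=None):
    """Assumed flaw: the token check sits on the GET branch only."""
    if path not in ROUTES:
        return 404, "not found"
    if method == "GET" and not token_ok(token):
        return 401, "invalid token"
    return 200, f"data for {path}"

def hardened_app(method, path, token=None):
    """Authenticate first for every method, then restrict the method."""
    if not token_ok(token):
        return 401, "invalid token"
    if path not in ROUTES:
        return 404, "not found"
    if method != "GET":
        return 405, "method not allowed"
    return 200, f"data for {path}"

def audit(app):
    """List (method, path, credential) triples answered 2xx without a valid token."""
    findings = []
    for path in ROUTES:
        for method in METHODS:
            for label, token in (("missing", None), ("invalid", "wrong")):
                status, _ = app(method, path, token)
                if 200 <= status < 300:
                    findings.append((method, path, label))
    return findings

if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(name, audit(app))
```
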

Privilege Escalation

Get the PDF from FTP.

It's protected, so we crack it using pdf2john and john.

Using netstat, we can see that port 80 is open internally.

Forward the port using SSH.

Use the commands from the PDF.

Let's put in a reverse shell.

Post Exploitation

Get the flag.