Apply the knowledge gained throughout the Vulnerability Module in this challenge room | Karthikeyan Nagaraj
Make sure to Connect to TryHackMe’s VPN
Task 2 — Exploit the Machine (Flag Submission)
- What is the name of the application running on the vulnerable machine?
First, Let’s Inspect the Website for any clues!
On Seeing the website, we can find that the website uses Fuel CMS
Ans: Fuel CMS
- What is the version number of this application?
Ans: 1.4
- What is the number of the CVE that allows an attacker to remotely execute code on this application?
Let’s google about fuel cms 1.4
We have found that the CVE is about Remote Code Execution
Ans: CVE-2018-16763
- Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability.
Note: There are numerous exploits out there that can be used for this vulnerability (some more useful than others!)
Let’s use Searchsploit to find another exploit
So Let’s Exploit the Vulnerability!!
After some research I found Errors on the Python File Mentioned above so I Just added another file below which can be used to exploit the Vulnerability for Remote Code Execution
- Make sure to start a Netcat Listener First
- Run the Above Python File as follows below
python3 fuel_cms.py <THM-Machine-IP>
- After that Enter your Machine IP and Listening Port
We got the Reverse Listener on our Terminal : )
Ans: THM{ACKME_BLOG_HACKED}
Feel Free to Ask Queries via LinkedIn : )
Thank you for Reading!!
Happy Hacking ~