Try the TryHackMe Vulnerability Capstone room and apply the knowledge gained throughout the Vulnerability Module in this challenge room. Complete the Jr Penetration Tester, learn from enumeration to exploitation, and get hands-on with over 8 different privilege escalation techniques.

TryHackMe Vulnerability Capstone

Summarize the skills learnt in this module by completing this capstone room for the “Vulnerability Research” module. 

Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public. 

It is your task to perform a security audit on the blog; looking for and abusing any vulnerabilities that you find.

Room Link : https://tryhackme.com/room/vulnerabilitycapstone

Nmap – Scan the Host

Let’s start by scanning the host with nmap, using a few arguments to detect service versions and run the basic scripts:

nmap -sC -sV 10.10.56.89

What is the name of the application running on the vulnerable machine?

Open the IP in Firefox and we can see that it is running Fuel CMS.

firefox http://10.10.59.89
Fuel CMS

Firefox – Verify Web Application

After opening the web app, scroll down and you will see that the default Admin login is exposed. Log in with those credentials and you can verify the CMS version.

What is the version number of this application?

1.4

Find Exploit for Fuel CMS 1.4

searchsploit fuel
searchsploit -m 

What is the number of the CVE that allows an attacker to remotely execute code on this application?

Format: CVE-XXXX-XXXXX

CVE-2018-16763
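For the defending side of this finding, here is an added example (not part of the original walkthrough) that scans web access logs for requests to the endpoints and parameters named in the public CVE-2018-16763 description (the `pages/select/` `filter` parameter and the `preview/` `data` parameter). The combined log format, the allow-list of characters and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameters named in the public CVE-2018-16763 description.
WATCHED = {"/pages/select": "filter", "/preview": "data"}
# Characters a legitimate value is assumed to need; tune this per site.
SAFE_VALUE = re.compile(r"[\w\-./ ]*")
# Assumed combined log format: client IP first, then "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_requests(lines):
    """Return (client_ip, target, status) for watched requests whose
    parameter value contains characters outside the allow-list."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not parsable access-log entries
        ip, target, status = m.groups()
        url = urlsplit(target)
        # parse_qs URL-decodes values, so percent-encoded quotes are caught too
        params = parse_qs(url.query, keep_blank_values=True)
        for path, param in WATCHED.items():
            if path not in url.path:
                continue
            if any(not SAFE_VALUE.fullmatch(v) for v in params.get(param, [])):
                hits.append((ip, target, int(status)))
    return hits

# Constructed sample log lines (not taken from the room)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /fuel/pages/select/?filter=blog HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /fuel/pages/select/?filter=%27%28%29 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"possible CVE-2018-16763 probe from {ip}: {target} -> {status}")
```

Values sent in POST bodies do not appear in access logs, so this check only covers parameters passed in the query string.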

What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.

THM{ACKME_BLOG_RFS}
