Try the Room TryHackMe Vulnerability Capstone and apply the knowledge gained throughout the Vulnerability Module in this challenge room, complete the Jr Penetration Tester and learn from enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.
TryHackMe Vulnerability Capstone
Summarize the skills learnt in this module by completing this capstone room for the “Vulnerability Research” module.
Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public.
It is your task to perform a security audit on the blog; looking for and abusing any vulnerabilities that you find.
Room Link : https://tryhackme.com/room/vulnerabilitycapstoneNmap – Scan the Host
Let’s start scanning the host with nmap and a few arguments to verify versions a run basic scripts:
nmap -sC -sV 10.10.56.89What is the name of the application running on the vulnerable machine?
Open the IP on Firefox and we can check that is using Fuel CMS.
firefox http://10.10.59.89Fuel CMSFirefox – Verify Web Application
After open the wqebapp if we scroll down default Admin login is exposed, login with credentials and you can verify the CMS version
What is the version number of this application?
1.4Find Exploit for Fuel CMS 1.4
searchsploit fuelsearchsploit -m What is the number of the CVE that allows an attacker to remotely execute code on this application?
Format: CVE-XXXX-XXXXX
CVE-2018-16763What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.
THM{ACKME_BLOG_RFS}TryHackMe Jr Penetration Tester Certification
tryhackme junior penetration tester,capstone meaning,linux privilege escalation