
THM: Vulnerability Capstone


Ref:


Step 1 - Nmap

nmap 10.10.67.58
Starting Nmap 7.60 ( https://nmap.org ) at 2024-03-23 00:48 GMT
Nmap scan report for ip-10-10-67-58.eu-west-1.compute.internal (10.10.67.58)
Host is up (0.00027s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 02:89:D9:14:39:AF (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
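
The same scan output read from the defender's side, as an added example that is not part of the original post: it parses Nmap's normal output format shown above and reports open ports that an exposure baseline does not allow. `BASELINE` is an assumed policy invented for this example.

```python
import re

# Scan output copied from Step 1 of this write-up.
SCAN = """\
Starting Nmap 7.60 ( https://nmap.org ) at 2024-03-23 00:48 GMT
Nmap scan report for ip-10-10-67-58.eu-west-1.compute.internal (10.10.67.58)
Host is up (0.00027s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 02:89:D9:14:39:AF (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
"""

# Assumed policy for this example: services each host is expected to expose.
BASELINE = {"10.10.67.58": {(22, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap(text):
    """Return {ip: [(port, proto, state, service), ...]} from normal-format output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def unexpected_open(hosts, baseline):
    """List open ports that the baseline does not allow for that host."""
    findings = []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())
        for port, proto, state, service in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings

if __name__ == "__main__":
    for ip, port, proto, service in unexpected_open(parse_nmap(SCAN), BASELINE):
        print(f"{ip}: unexpected {service} on {port}/{proto}")
```
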

Step 2 - Port 80 is open (HTTP). Go to the browser: the site is running Fuel CMS.

  1. What is the name of the application running on the vulnerable machine? Fuel CMS

  2. What is the version number of this application? 1.4

  3. What is the number of the CVE that allows an attacker to remotely execute code on this application?
    • searchsploit -> Fuel CMS -> Remote Code Execution
    • exploit-db -> search -> Fuel CMS -> CVE # -> CVE-2018-16763
  4. There is an exploit located on the AttackBox
    • Start a listener on the AttackBox on port 8081:

      nc -lvnp 8081

    • Use the exploit provided under /usr/share/exploits/vulnerabilitiescapstone:

      python3 exploit.py 10.10.67.58

  5. What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine. THM{ACKME_BLOG_HACKED}

This post is licensed under CC BY 4.0 by the author.