Vulnerability Research: Vulnerability Capstone (TryHackMe)


This article covers the write-up for the Vulnerability Capstone room in the Jr Penetration Tester path on THM.
Introduction
Summarise the skills learnt in this module by completing this capstone room for the "Vulnerability Research" module.
Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public.
It is your task to perform a security audit on the blog, looking for and abusing any vulnerabilities that you find.
Answer the questions below
Let's get hacking
Exploit the Machine (Flag Submission)
Deploy the vulnerable machine attached to this task by pressing the green "Start Machine" button. It is recommended that you use the TryHackMe AttackBox to complete this room.
Allow five minutes to pass before attempting to attack the vulnerable machine MACHINE_IP.
Answer the questions below
Deploy the vulnerable machine attached to this task & wait five minutes before visiting the vulnerable machine.
What is the name of the application running on the vulnerable machine?
Fuel CMS
What is the version number of this application?
1.4
What is the number of the CVE that allows an attacker to remotely execute code on this application?
Format: CVE-XXXX-XXXXX
CVE-2018-16763
Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability.
Note: There are numerous exploits out there that can be used for this vulnerability (some more useful than others!)
What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.
THM{ACKME_BLOG_HACKED}
Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges.
Written by

J3bitok