TryHackMe CTF: Ignite

As part of my series on solving CTFs, today I am going to play a CTF named "Ignite".

As usual, I start with an Nmap scan:

Alongside, I started a gobuster scan on this machine. I was not able to find anything very significant, and this is the result of that scan:

As port 80 is open, I visited this IP in the browser, where I found admin credentials:

After logging in using the admin creds, I was not able to find anything significant. So I googled Fuel CMS version 1.4, and here I got potential exploits:

After visiting each webpage, I was not able to understand how to use the exploitation script, so I googled this:

The fourth GitHub repo from the top was helpful; it showed how to use the exploit:

I started a netcat listener on port 4444 and ran that exploit script like this:

As we can see, I got the connection and went on to look through directories and read files, where I got the answer to the first question:

User.txt

6470e394cbf6dab6a91682cc8585059b


Now it's time to elevate our privileges to get root access on the machine.

After trying basic privilege escalation techniques like checking sudo -l, looking for cron jobs, and accessing shadow files, nothing worked, so I started looking again from the start, and there on the first page I got:

So let's visit the database.php file and see what can be found:

And we got a username root and the password associated with it, which might work:

Root.txt:

b9bbcb33e11b80be759c4e844862482d
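
The database.php finding above, seen from the defender's side: an added example (not part of the original write-up or of FUEL CMS) that audits a config file for the two weaknesses involved. It assumes the CodeIgniter-style array layout for database.php; the sample configs, account names and the `FUEL_DB_PASSWORD` variable are constructed placeholders.

```python
import re

# Constructed sample in the CodeIgniter-style layout assumed for database.php.
# All values are placeholders, not taken from the room.
WEAK = r"""<?php
$db['default'] = array(
    'hostname' => 'localhost',
    'username' => 'root',
    'password' => 'PLACEHOLDER-secret',  // literal secret on disk
    'database' => 'fuel_schema',
);
// 'username' => 'old_account',
"""

# Constructed hardened variant: dedicated account, secret read from the environment.
HARDENED = r"""<?php
$db['default'] = array(
    'hostname' => 'localhost',
    'username' => 'fuel_app',
    'password' => getenv('FUEL_DB_PASSWORD'),
    'database' => 'fuel_schema',
);
"""

# A quoted string (kept) or a PHP comment (dropped).
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
# 'key' => 'literal value' pairs; function calls such as getenv() do not match.
PAIR = re.compile(r"""['"](\w+)['"]\s*=>\s*('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")""")

def parse_settings(php):
    """Return literal key/value settings, ignoring anything inside comments."""
    code = TOKEN.sub(lambda m: m.group(1) or "", php)
    return {k: v[1:-1] for k, v in PAIR.findall(code)}

def audit(php):
    """Flag the two weaknesses behind the database.php finding."""
    cfg, findings = parse_settings(php), []
    if cfg.get("username", "").lower() == "root":
        findings.append("application connects as the database superuser")
    if cfg.get("password"):
        findings.append("password stored as a literal in the config file")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

A database password that is unique to the database account also keeps a leaked config file from opening any other login on the host.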