TryHackMe CTF : Ignite
In the series of solving CTF, today I am going to play a CTF named "Ignite"
As usual, Start with Nmap scan:
Along side I started a gobuster scan on this machine, I was not able to find something very significant and this is the result of that scan:
As port 80 is open visit this IP on the browser, where I found admin credentials :
After login in using admin creds, I was not able to find anything significant. So I googled Fuel CMS version 1.4 and here I got potential exploits
After visiting each webpage, I was not able to understand how to use this exploitation script so I googled this:
Fourth from the top GitHub repo was helpful, It showed how to use the exploit:
I started a netcat listener on port 4444 and ran that exploit script like this:
As we can see I got the connection and went on to see through directories and read files where I got the answer to the first question:
User.txt
6470e394cbf6dab6a91682cc8585059b
Now it's time to elevate our privileges to get the root access on the machine.
After doing basic privilege escalation techniques like checking sudo -l, then looking for cron jobs, then accessing shadow files nothing worked, so I started looking from start there on the first page I got:
so let's visit database.php file and see what can be found:
and we got a username root and password associated with it, that might work :
Root.txt:
b9bbcb33e11b80be759c4e844862482d