TryHackMe Vulnerability Capstone Walkthrough

Hello Guys!

TryHackMe room link:

https://tryhackme.com/room/vulnerabilitycapstone

As enjoying doing this challenge and to make this clear to me and for remembering purpose i

write this.

First of all started the machine and wait for one minute :)

then we can see the vulnerable application we got answer fuel CMS and version 1.4 is also mention there.

CVE-2018–1673

It did not work after i try it. then i search on google after all i get RCE code of fuel CMS application on Github.

then copy the code and paste it into ex.py file.

As mention in github screenshot the exploit use command line argument you just need to write the command.

command explanation: we use python3 to run .py file , attacker ip , TryHackMe vpn ip and port.

after this run the listener on port 4444.

command: nc -lvnp 4444

after this we got an access.

just don’t lose hope these things sometimes can be result in failure but after doing by your self you can get use to of this things.

now we get a flag.txt file.

Q1) fuel cms

Q2) 1.4

Q3) CVE-2018–16763

Q4) No answer needed

Related posts:

This article explores how by solving for four we can have infinite correct answers. The same is true solving for God. This is about changing one's mindset.

Anirban Bhowmik aka FunHolic Anirban, is a popular Bengali YouTuber, Comedian, and internet Personality who posts Comedy and Music Videos on his Channel "FunHolic Chokrey" and on His personal Page…