Aromatherapy has the remarkable ability to enhance our surroundings and promote a sense of well-being. Essential oils, with their captivating scents and therapeutic properties, are key players in…
Hello Guys!
TryHackMe room link:
https://tryhackme.com/room/vulnerabilitycapstone
As enjoying doing this challenge and to make this clear to me and for remembering purpose i
write this.
First of all started the machine and wait for one minute :)
then we can see the vulnerable application we got answer fuel CMS and version 1.4 is also mention there.
CVE-2018–1673
It did not work after i try it. then i search on google after all i get RCE code of fuel CMS application on Github.
then copy the code and paste it into ex.py file.
As mention in github screenshot the exploit use command line argument you just need to write the command.
command explanation: we use python3 to run .py file , attacker ip , TryHackMe vpn ip and port.
after this run the listener on port 4444.
command: nc -lvnp 4444
after this we got an access.
just don’t lose hope these things sometimes can be result in failure but after doing by your self you can get use to of this things.
now we get a flag.txt file.
Q1) fuel cms
Q2) 1.4
Q3) CVE-2018–16763
Q4) No answer needed
This article explores how by solving for four we can have infinite correct answers. The same is true solving for God. This is about changing one's mindset.
Anirban Bhowmik aka FunHolic Anirban, is a popular Bengali YouTuber, Comedian, and internet Personality who posts Comedy and Music Videos on his Channel "FunHolic Chokrey" and on His personal Page…