CTF Ignite

CTF CMS
Created At :
Count:135 Views 👀 :20
  1. rustscan
  2. Gobuster
    1. Robots.txt
    2. User password of the login page
  3. revershell
  4. Enum with linpeas
    1. CVE
    2. Password in config file

rustscan

Gobuster

gobuster dir -u http://10.10.219.98 -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
language-bashCopy

Not interesting.

Robots.txt

It’s the login page of the CMS

The config file is here:

User password of the login page

So if I user admin:admin in the login page it’s working.

Useless, let’s searsh for an exploit.

revershell

https://github.com/AssassinUKG/fuleCMS

Upgrade my shell:

python -c 'import pty; pty.spawn("/bin/bash")'
language-bashCopy

Enum with linpeas

My computer:

Target:

Then run it.

chmod +x l*
./l*
language-bashCopy

Linpeas is maybe overkill for this box, lse.sh is good for this kind of box.

CVE

Can be root in a sec with this exploit.

Password in config file

Let’s try it on root

The CTF is over.

©2021 Peanutstick's Blog

Built with Hexo and 3-hexo theme