Time to apply what we have learnt in the last two lessons with a practical lesson on Vulnerability Capstone.
Let’s start this #FromZeroToHacker challenge!
Table of contents
- Introduction
- What have I learnt today?
- Stats
- Resources
Introduction to Vulnerability Capstone
Ackme Support Incorporated has set up a new blog and they asked us for a security audit before they start publishing articles to the public. We need to perform a security audit on the blog, looking for and abusing any vulnerabilities we may find.
What have I learnt today?
Challenge questions
Exploit the Machine (Flag Submission)
- Deploy the vulnerable machine attached to this task & wait five minutes before visiting the vulnerable machine.
  Done.
- What is the name of the application running on the vulnerable machine?
  Open the website using the IP address in your browser: the name is in the header.
- What is the version number of this application?
  Open the website using the IP address in your browser: the number is in the header.
- What is the number of the CVE that allows an attacker to remotely execute code on this application?
  Visit Exploit-DB, search for the name of the application (the answer to the second question), and look for any CVE that allows remote code execution (RCE). You can also search for the same name in Searchsploit and read the comments of any RCE result.
- Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability.
  Download an exploit from Exploit-DB or Searchsploit. If none of those exploits works, you have an easy-to-use exploit on /usr/share/exploits/vulnerabilitiescapstone. This is the one I used to solve the last question.
- What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.
  Open a terminal and run a Netcat listener. Then, run the exploit with python3 exploit.py IP, and type your IP and the listener port you set up seconds ago. Navigate to /home/ubuntu and cat the file. There is your flag.
Summary
In this lesson, we have exploited a machine. To do so, we have:
- Discovered the application running on the vulnerable machine and its version number.
- Searched for a CVE that let us use an RCE exploit.
- Found the flag in the system.
Stats
From 80.471th to 78.514th.
Here is also the Skill Matrix:
Resources
Path: Jr Penetration tester
Vulnerability research
TryHackMe: Vulnerability Capstone