, , , ,
Vulnerability Capstone

Day 053 #FromZeroToHacker – Vulnerability Capstone Writeup

Time to apply what we have learnt in the last two lessons with a practical lesson on Vulnerability Capstone.

Let’s start this #FromZeroToHacker challenge!

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction to Vulnerability Capstone

Ackme Support Incorporated has set up a new blog and they asked us for a security audit before they start publishing articles to the public. We need to perform a security audit on the blog, looking for and abusing any vulnerabilities we may find.

What have I learnt today?

Challenge questions

Exploit the Machine (Flag Submission)

  1. Deploy the vulnerable machine attached to this task & wait five minutes before visiting the vulnerable machine.
    Done.
  2. What is the name of the application running on the vulnerable machine?
    Open the website using the IP address in your browser: The name is in the header.
  3. What is the version number of this application?
    Open the website using the IP address in your browser: The number is in the header.
  4. What is the number of the CVE that allows an attacker to remotely execute code on this application?
    Visit Exploit-DB and search for the name of the application we used as an answer to the second question, and look for any CVE that lets you create an RCE. You can also search the same name in Searchsploit, and read the comments of any RCE solution.
  5. Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability.
    Download an exploit from Exploit-DB or searchsploit. If none of those exploits works, you have an easy-to-use exploit on  /usr/share/exploits/vulnerabilitiescapstone. This is the one I used to solve the last question.
  6. What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.
    Open a terminal and run a Netcat listener. Then, run the exploit with python3 exploit.py IP, type your IP and the listener port you set up seconds ago. Navigate to /home/ubuntu and cat the file. There is your flag.

Summary

In this lesson, we have exploited a machine. To do so, we have:

  • Discovered the application running on the vulnerable machine and its version number.
  • Searched for a CVE that let us use an RCE exploit.
  • Found the flag in the system.

Stats

From 80.471th to 78.514th.

Here is also the Skill Matrix:

Skills Matrix

Resources

Path: Jr Penetration tester

Vulnerability research

TryHackMe: Vulnerability Captstone

Other resources

Vulnerabilities 101
Exploit Vulnerabilities
Exploit-DB