Vulnerability Capstone
easy | 30 min | tryhackme
A capstone room pulling together all vulnerability research and exploitation skills from the module. Deploy the target machine, identify the running application (Fuel CMS 1.4) through version disclosure, find the relevant CVE (CVE-2018-16763, an authenticated RCE via the pages module), exploit it to gain command execution on the server, and retrieve the flag from /home/ubuntu. No guided steps — apply the methodology end to end.
Skills You Will Learn
- vulnerability-research
- cve-exploitation
- fuel-cms
- rce
Prerequisites
- thm-vulnerabilities101
- thm-exploitingavulnerabilityv2
- searchsploit
- version-disclosure
- rce
Walkthrough Phases
1. Application Identification: Identify the running application and version through version disclosure
2. CVE Research: Find the CVE for Fuel CMS 1.4 and locate a working exploit
3. Exploit Execution and Flag Retrieval: Run the exploit, establish command execution, retrieve the flag
6 questions to answer
alienrecon start thm-vulnerabilitycapstone