Ignite

https://tryhackme.com/room/ignite

Open Ports:

• 80: HTTP
  • It has Remote Code Exec Vul
  • Fuel CMS 1.4

Port 80:

Gaining Access:

1. Download the Python file from exploit-db (feul cms 1.4.1)
   • Change the ip and the port
   • Remove proxy

        Python exploit.py
     

     USER Flag:

     

Privilege Escalation:

1. Go to database.php i.e

    cd var/html/www/fuel/application/config/database.php
   

   

     cat database.php
   

   

2. Now convert your shell to tty

    > python -c 'import pty; pty.spawn("/bin/sh")'
    > su(**and then the passwd**)
   

   Root Flag: