Question 1
What port number has a web server with a CMS running? Run an nmap enumeration
We found several http ports open.
Question 2
What is the username we can find in the CMS? Browse the room on the correct port. Read carefully the different information you will found inside the website. The answer is given.
Question 3
What is the password we can find for the username? Same as previous question. Answer is given on the website.
Question 4
What version of the CMS is installed on the server? (Ex: Name 1.1.1) Found the correct path to login into the admin section of this CMS. You can browse the editor’s website to found the information.
Question 5
There’s an exploit for a previous version of this CMS, which allows authenticated RCE. Find it on Exploit DB. What’s its EDB-ID? Make a simple Google research or directly on exploitDB website to found the EDB-ID of the exploit.
Question 6
What’s the full path for this exploit? (Ex: exploit/….) Don’t forget to update metasploit and then make a reasearch like:
Question 7
Set the metasploit option’s Check the options of thbe exploit and fill the missing options.
use exploit/... show options
Question 8
Look for flag.txt inside the machine With your remote shell as root, just browse the room to found the correct flag.