OverView
Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public.
| Follow @anir0y | |
| Vulnerability Capstone |  |
| Vulnerability Capstone [Subscription Required] | Vulnerability Capstone |
Task 01: Introduction
Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public.
It is your task to perform a security audit on the blog; looking for and abusing any vulnerabilities that you find.
task 02: Exploit the Machine (Flag Submission)
Answer the questions below
| S No. | Question | Ans |
|---|---|---|
| 1 | Deploy the vulnerable machine attached to this task & wait five minutes before visiting the vulnerable machine. | n\a |
| 2 | What is the name of the application running on the vulnerable machine? | 2.2 |
| 3 | What is the version number of this application? | open the Web-page |
| 4 | What is the number of the CVE that allows an attacker to remotely execute code on this application? | CVE |
| 5 | Use the resources & skills learnt throughout this module to find and use a relevant exploit to exploit this vulnerability. | n\a |
| 6 | What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine. | flag |
2.1 Finding the CMS
2.4 Finding CVE
A quick google search reveals the CVE on top result.
2.6 Exploit
i’ll be using this exploit kit under attcker box:
/usr/share/exploits/vulnerabilitiescapstoneexploit download:
Exploit the Box:
run the exploit:
/usr/share/exploits/vulnerabilitiescapstone# python3 exploit.py 10.10.110.27setup reverse connection:
Netcat on other pane:
