Contrxl’s Substack

Contrxl’s Substack

Share this post

Contrxl’s Substack
Contrxl’s Substack
Vulnerability Capstone - {TryHackMe}
Copy link
Facebook
Email
Notes
More

Vulnerability Capstone - {TryHackMe}

The URL for this room is: https://tryhackme.com/room/vulnerabilitycapstone

Contrxl
Jun 04, 2024

Share this post

Contrxl’s Substack
Contrxl’s Substack
Vulnerability Capstone - {TryHackMe}
Copy link
Facebook
Email
Notes
More
Share

Recon

To begin, run nmap -sV -vv -oN nmap/init [IP_ADDR] to identify any open ports or potentially vulnerable services. This scan returns two open ports, one running SSH on port 22 and the other running a web server on port 80.

Terminal output of the nmap scans.

The web server on port 80 is hosting a boilerplate page for “Fuel CMS Version 1.4” and not much else.

Fuel CMS homepage.

Exploitation

Run searchsploit fuel cms or search online for available exploits for this service. Using searchsploit provides the following results:

Terminal output of searchsploit results.

For this challenge, this exploit works well. Start a listener on the attacking machine with nc -nvlp 9999 and then follow the instructions to execute the script. This should return a shell as www-data which is enough to get the flag (the challenge instructions give away the flag location).

Terminal output showing shell as www-data.

More detailed info on commands etc. used here can be found in my GitBook notes below - happy hacking!

GitBook

Thanks for reading Contrxl’s Substack! Subscribe for free to receive new posts and support my work.

Share this post

Contrxl’s Substack
Contrxl’s Substack
Vulnerability Capstone - {TryHackMe}
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2025 Contrxl
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More