Ignite CTF | TryHackME | (RCE) Remote Code Execution

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everybody my name is Ron and welcome to my walkthrough video for the room ignite now this is another CTF from try hack me in this video we'll be using search exploit establishing reverse shells doing privilege escalation to grab those flags and using Len pees now before we get started go ahead and click that like button and subscribe and without further Ado let's get into it okay let's go ahead and get started with the ignite room it's a new startup that has a few issues with their web server as you can see there's only two questions in this room the user flag and the root flag and once you have that machine up and running let's go ahead and check that out so off the bat you'll see that it runs on fuel CMS version 1.4 we'll be looking for an exploit for this in a bit also over here on number two it gives us instructions to install the database and after creating the database change the configuration found in this location it'll include the username and password as you scroll down you'll also see that to log in you can use the username admin and the password admin and and here is the address to log into that so first thing I'm going to do here is look for an exploit for that fuel CMS so we're going to do search exploit fuel CMS and we'll notice we have remote code execution here so let me go ahead and grab this let me go ahead and locate that first let me copy that and let's go ahead and check it [Music] out looking at the code it shows that we have to run Python 3 the script dasu and plug in the URL so let's go ahead and do that Python 3 the script dasu and plug in the URL who am i dub dub dub data and we got access now let's try to get a more interactive shell I'm going to open up a new tab and start a netcat listener so now let's look for a code for netcat for a reverse Shell let's copy this let's make some changes I'm going to change this IP address to my own try hackme VPN IP and I'll be using that Port 1 2 3 4 let me go ahead and copy that and plug it in now we should have a shell let's make this a more interactive version plug in this code who am I du [Music] data now let's go ahead and look for our first flag now that we have access so typically they would put this in their home [Music] and let's go ahead and cut that first flag and here we are next let's get that root flag so looking back at the website under number two install the database we'll see that they give us the location of possible username and password so let's navigate to that CD [Music] this is where we started at first this was the initial directory where we landed after getting a shell and let's go ahead and change directory to this location so that we can see that database PHP and immediately we see that the username root has the password me me so let's go ahead and change to root switch user root plug in that password of me me me or me me and we have the hash let's go and go to the root directory and C that root file and here is the second and last flag now if you found this video useful give me a thumbs up and subscribe for more cyber security content see you guys on the next one now that we do have access let's go ahead and run Lin peas to see what it can find for us so first thing I'm going to go ahead and uh set up a python server and let's go ahead and do a WG on our Lin peas all right let's make it an executable and let's run it let's see what it'll find for us after letting lint piece finish its scan we did find a few things here for example we found the password of root which was M me me we also found the flag the location of the flag again we found the password M me me here when it analyzed the Backup Manager files the location of it and much more that I'm not going to get into but again Lin piece found pertinent information here that we could use or is relative to the questions that we need to answer furthermore we have cves here that may work against this machine and that is it
Info
Channel: RonR1337
Views: 284
Rating: undefined out of 5
Keywords:
Id: 8Zrmb06sl3M
Channel Id: undefined
Length: 5min 19sec (319 seconds)
Published: Mon Oct 16 2023
Related Videos
Lian Yu CTF | TryHackME | Steganography & Directory Enumeration
RonR1337
210
Mr. Robot CTF | TryHackMe
RonR1337
1.3K
TryHackMe CTF Walkthrough - Mr. Robot
faan ross
1.7K
Splunk 2 Boss of the SOC (BOTS) - 200 Series Walkthrough | TryHackMe | Splunk Analysis
RonR1337
310
Agent Sudo CTF | TryHackMe | Steganography, Hydra, & John The Ripper
RonR1337
153
H4cked CTF | TryHackMe | Wireshark Analysis & Hydra
RonR1337
215
45 Drives HomeLab HL 15: Why the Chassis is Important
Level1Techs
34K
RootMe CTF | TryHackMe | Nmap, Gobuster & Reverse Shell Guide
RonR1337
237
Splunk 2 Boss of the SOC (BOTS) - 300 Series Walkthrough | TryHackMe | Splunk Analysis
RonR1337
288
Wgel CTF | TryHackMe | Privilege Escalation
RonR1337
202
Splunk 2 Boss of the SOC (BOTS) - 100 Series Walkthrough | TryHackMe | Splunk Analysis
RonR1337
206
AIWA 3 Head Tape Deck Repair (AD-FF90 / AD-F990)
Mend It Mark
59K
PCIE is the Future, The Discord Issue, & You'll Own Nothing | Discussion w/ Wendell of Level1 Techs
Gamers Nexus
48K
What Killed This Expensive Asus laptop GA502DU
NorthridgeFix
33K
Pickle Rick CTF | TryHackMe | Command Injection
RonR1337
130
You knew I would...
Action Retro
47K
Why are People Buying This $339 Gaming Laptop?!
Toasty Bros
32K
Startup CTF | TryHackMe | Wireshark Analysis & Vulnerable Scripts
RonR1337
141
Dogcat CTF | TryHackMe | Local File Inclusion (LFI)
RonR1337
57
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.