Write-Up 12- THM- Bolt

Learn to exploit a vulnerable CMS (Content Management System) using Remote Code Execution

“Bolt” The main character of the animated film


Exploiting CMS using Remote Code Execution

This writeup is based on the room “Bolt” on the TryHackMe platform. It's a beginner-level room in which a vulnerability in a CMS version is exploited to get root access on the target machine.

Prerequisites

Knowledge of the following is recommended to solve this challenge, though the tools are very easy to use and can be looked up while solving the tasks.

  1. Nmap
  2. Searchsploit
  3. Exploit DB
  4. Metasploit
  5. Basic Linux Commands

P.S. I highly recommend you guys try to solve these tasks on your own first, and if you get stuck you can always refer to this writeup.

Getting Started

Navigate to the room “Bolt” on THM. Deploy the machine and connect to the THM network using OpenVPN. Verify that you are connected to the THM network by checking the tun0 or tun1 interface using the ifconfig command in the terminal.

Hack your way into the machine

Let’s run an Nmap scan against the target machine to see which ports are open and what kind of services are running on those ports.

Nmap Scan against the Target machine

As we can see from the above Nmap scan, three ports are currently open. Let’s explore these one by one. We see a web server running on port 80. Navigating to the target machine's IP, we see the page below. We find nothing interesting on this page.

Webserver Running on Port 80

Let’s try port 8000, as it is also running some kind of web application.

Bolt CMS

From the above screenshot, we can see that a CMS is running on port 8000. Let us explore it a bit, navigating to different tabs, and check if we can find something interesting. We found a username that could be useful in our upcoming tasks.

Username Found
