RCE Exploit — BOLT (CTF)
— — — — — — — — — — — — — — — — — — — — — — — — —
This is one of the easiest CTFs in the THM rooms. It’s okay if you feel it’s not easy, I totally understand. So without further ado, let’s start!
Through recon I found some doors through which I could enter, i.e.
Besides the scan, I brute-forced the directories and got the results as shown.
So for manual exploitation of the web, I navigated to the web page as shown.
Hmmm… there’s a Bolt image, let’s see if there’s any low-hanging fruit for us…
But no, it was Huffman encoded so there’s no way!!! The results are:
Looks like we got some cool stuff. After enumerating the page wherever I could and fuzzing for the Bolt CMS portal, I found that it has a login page. I entered the credentials I had found into this portal and BOOM!!! We’re in!!
But before that I tried an SSH login, but got no response.
After filling in all the options required by Metasploit, i.e. RHOST (the victim’s IP), RPORT, and LHOST (your own THM IP), that’s it; now exploit the target. It’s okay if the exploit doesn’t work the first time. Don’t lose hope, try again the same way, you’ll get it for sure.
And we’re ROOT!!!
That’s all for now,
Until Next Time,
Stay Superrr!!!!
— — — — — — — — — — —