TryHackMe link → https://tryhackme.com/room/vulnerabilitycapstone
Today I solved the TryHackMe Vulnerability Capstone room.
[What is the name of the application running on the vulnerable machine?]
First, I ran nmap to check the open ports and running services:
nmap -p22,80 -A --min-rate 3000 10.48.170.55
From the nmap scan results, I was able to confirm that Fuel CMS is running.
Answer: Fuel CMS
[What is the version number of this application?]
The application version information can be found directly on the site page.
Answer: 1.4
[What is the number of the CVE that allows an attacker to remotely execute code on this application?]
The CVE for the RCE vulnerability can be easily found on Exploit Database.
Answer: CVE-2018-16763
[What is the value of the flag located on this vulnerable machine? This is located in /home/ubuntu on the vulnerable machine.]
Running the exploit code for the CVE we found earlier, we can easily obtain RCE.
Answer: THM{ACKME_BLOG_HACKED}