This room is designed for users to get familiar with the Bolt CMS and how it can be exploited using Authenticated Remote Code Execution.
TASK 1: Deploy the machine
- Start the machine
No Answer needed
TASK 2: Hack your way into the machine!
1. What port number has a web server with a CMS running?
2. What is the username we can find in the CMS?
3. What is the password we can find for the username?
4. What version of the CMS is installed on the server? (Ex: Name 1.1.1)
5. There’s an exploit for a previous version of this CMS, which allows authenticated RCE. Find it on Exploit DB. What’s its EDB-ID?
We look up the version of the CMS that is installed on the server in the Exploit Database.
6. Metasploit recently added an exploit module for this vulnerability. What’s the full path for this exploit? (Ex: exploit/….)
Note: If you can’t find the exploit module, it’s most likely because your Metasploit isn’t updated. Run `apt update` then `apt install metasploit-framework`
7. Set the LHOST, LPORT, RHOST, USERNAME, PASSWORD in msfconsole before running the exploit
No Answer needed
8. Look for flag.txt inside the machine.