Ignite
HTTP Enumeration - Fuel CMS - (www-data) Enumeration - Root !
Initial Enumeration
Only two ports were open -
22
and80
Enumerating 80 leads us to a CMS called - Fuel CMS, which has
admin:admin
as default credentialsThere's also a publicly available exploit w.r.t to its version - searchsploit that and run the exploit
If not, explore that python script and manually take RCE on that system - get a reverse shell
Privilege Escalation
We get logged in as
www-data
and we can find an interesting php file in this location
/var/www/html/fuel/application/config/database.php
At the end of this file, we find the root credentials as
root:mememe
$ su root
Password: mememe
# whoami
root
Last updated