Ignite

HTTP Enumeration - Fuel CMS - (www-data) Enumeration - Root!

Initial Enumeration

  • Only two ports were open - 22 and 80

  • Enumerating port 80 leads us to a CMS called Fuel CMS, which has admin:admin as its default credentials

  • There's also a publicly available exploit for its version - find it with searchsploit and run the exploit

  • If not, read through that Python script and get RCE on the system manually - get a reverse shell

Privilege Escalation

  • We land as www-data and can find an interesting PHP file at this location:

/var/www/html/fuel/application/config/database.php

  • At the end of this file, we find the root credentials as root:mememe

$ su root
Password: mememe

# whoami
root
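
From the defender's side, the escalation above works because database.php stores a plaintext password for a DB user named root, and that same password is accepted for the OS root account. The audit script below is an added example, not part of the original writeup: the sample config is constructed in the CodeIgniter 3 layout that Fuel CMS uses, and the function names are hypothetical.

```python
import re
import stat

# Constructed sample in CodeIgniter 3 layout; not copied from the target box.
SAMPLE_CONFIG = """<?php
$active_group = 'default';
$db['default'] = array(
    'dsn'      => '',
    'hostname' => 'localhost',
    'username' => 'root',
    'password' => 'example-password',
    'database' => 'fuel_schema',
    'dbdriver' => 'mysqli',
);
"""

KEY_RE = re.compile(r"""['"](\w+)['"]\s*=>\s*['"]([^'"]*)['"]""")

def parse_db_settings(php_text):
    """Return the quoted 'key' => 'value' pairs, skipping comment lines."""
    settings = {}
    for line in php_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*", "|")):
            continue
        for key, value in KEY_RE.findall(line):
            settings[key] = value
    return settings

def audit(php_text, file_mode, system_accounts=("root",)):
    """Return findings for one database.php and its permission bits."""
    cfg = parse_db_settings(php_text)
    findings = []
    user = cfg.get("username", "")
    if user in system_accounts:
        findings.append(f"DB user '{user}' matches an OS account name: verify the passwords differ")
    if user == "root":
        findings.append("app connects as the DB superuser: create a least-privilege DB account")
    if cfg.get("password"):
        findings.append("plaintext DB password in config: rotate it and load it from outside the web root")
    if file_mode & stat.S_IROTH:
        findings.append("config is world-readable: restrict it to the web server user (e.g. 0640)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, 0o644):
        print("[!]", finding)
```

Tighter file permissions do not stop the www-data user itself from reading the file, so the password-reuse and least-privilege findings are the ones that break this escalation path.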
