AdaniKamal
  • 🇲🇾Selamat Datang
  • CVE-2024-3400 PAN-OS
    • Version Table
    • panos-check.py
  • Script4u
    • Cipher checker
      • CipherChecker.py
    • Nmap & Ciphers
      • nmap-ciphers.py
      • iplist.txt
    • Ping Bulk
      • ping.py
      • hosts.txt
    • Telnet bulk
      • telnet.py
    • purrfect-cipher-scanner
      • cipher-scanner.py
    • speech2text.py
    • SSL Scan
      • ssl-scanner.py
  • Walkthrough
    • CTF - Walkthrough
    • TryHackMe
      • Authentication Bypass
      • HOLO
      • John The Ripper
      • RES
      • ToolsRUs
      • Anonforce
      • RootMe
      • stealthcopter ctf primer1
      • c4ptur3-th3-fl4g
      • Wonderland
      • Bolt
      • CC-Pen Testing
      • CC-Stego
      • CTF collection Vol.1
      • Crack The Hash
      • Easy steganography
      • Web Fundamentals
      • Hydra
      • Lian_Yu
      • NerdHerd
      • OhSINT
      • STEGOsaurus
      • Custom Wordlist
        • Custom Wordlists
        • Custom Wordlists
      • Advent of Cyber 2020
        • Day3 - Evil Elf
        • Day 5 - Ho-Ho-Hosint
        • Day 6 - Data Elf-iltration
        • Day 12 - Elfcryption
        • Day 14 - Unknown storage
    • 3108 CTF 2024 : Kembara Tuah
  • CTF Tool
    • File Header
Powered by GitBook
On this page
  • Link
  • Penetration Testing Methodology
  • Walkthrough
  1. Walkthrough
  2. TryHackMe

Bolt

PreviousWonderlandNextCC-Pen Testing

Last updated 8 months ago

image

Link

Penetration Testing Methodology

Reconnaissance

  • nmap

Exploitation

  • metasploit (bolt cms)

Capturing the flag

  • flag.txt

Walkthrough

nmap -sV 10.10.54.254

From the nmap scanning. I found that 3 port open. Which is

  • 22 (ssh)

  • 80 (http)

  • 8000

I browse the given IP address.

Scroll this page you will get username and password.

But, with this credentials, I still can't access SSH.

So, we find information about this CMS and it's vulnerability. Maybe we can exploit it.

Bolt CMS Version.

Fire up Metasploit (msfconsole).

show options and set.

Yesss, root already. Find your flag and grab it :)

CONGRATULATIONS!!

This was a fun machine. Very basic yet fun to root. Good for beginner.

Thank you for reading. :)

By AdaniKamal

image
image
image
image
image

that I found.

image
image
image
image
image
Exploit
🔗
Bolt