Download; https://www.vulnhub.com/entry/sectalks-bne0x03-simple,141/
We scan the machine with nmap. When we look at the results, the http service is running on port 80. let's request then.
We use nikto.When we look at the results, we see the docs directory and license.txt. We will use dirb for directory discovery
We look at the license.txt file and see that cutePhP is used there and see if there is an exploit associated with it.
We found the exploit, now we are doing the necessary steps.
We register
We see the file upload page above.Now. We save the php reverse shell file as rev.jpeg and open burpsuite while doing this.
We are making the necessary adjustments for the reverse shell.
We change the rev.jpeg file to rev.php. We go to the uploads directory.
We can see that we have uploaded.
We open a reverse connection with nc.
When we click on the file we uploaded to the uploads directory, we get a connection.
I use the exploit in the screenshot above to become root.
I see that I am root.
I read the flag.txt in the root directory and the ctf ends there.