It's a cool room that teaches you how to hack into a web server in this boot-to-root machine. The site is powered by Fuel CMS, and we are even given valid credentials to get into the admin panel, where we find that XSS is one of the few vulnerabilities that are possible to exploit. We can also do Remote Code Execution (RCE) in two ways to load a PHP shell and get access as www-data, and the webpage is leaking the location of the database file that has the root password. From there we switch user (su) to root and grab the root flag.
Click the link below to watch the full video.