Attacking Common Applications - Skills Assessment II

Try: ffuf -w subdomains-10000.txt -H “Host: FUZZ.inlanefreight.local” -u http://MACHINE_IP -fs {size}

2 Likes

Can you please give me a hint what exploit did you use to get root user?
I tried different things, but got only RCE with www-data exploiting Nagios

I used metasploit, search Nagios XI 5.7.5 and there are two exploit.

1 Like

Thx, got it!
My mistake was that I thought that the flag is in /root folder, but it was in /usr/local/nagiosxi/html/admin :slight_smile:

3 Likes

I’m glad you solved :wink:

Can anyone help with getting the admin password. I have tried the default creds as well as bruteforcing using rockyou.txt but no lick

nvm solved it

i am stuck in the first question in the lab [Attacking Common Applications - Skills Assessment II]
What is the URL of the WordPress instance?

i did resolve all the other question exept the fisrt one , ant hint please

1 Like

To help others reading this, try FFUF-ing.

Thanks for the clue! i spent hours doing it the hardway!

1 Like

I cant find the third vHost if my life dependend on it I have done all except that one the format i am using is this n*****.something.something

Hello dear. I am stuck at the same point. Did you get it finally ?
I have found it.

This was very easy.Everything you need is in Gitlab projects. Vhost for network monitor is there, password and username is also there. When you login to network monitor research for exploit.

How did you find the wordpress url, what wordlist did you use for ffuf and is it just the gitlab.inlanefreight.local:8180 domain?

Hello. I think @Baudejas already answered your question. but for wordlist you can use the following /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt

isnt that wordlist for subdomains not wordpress?

The wordpress URL is a subdomain or vhost.

1: Use fuzz to find the sub domain
2: Go to the gitlab and create a account
3: See the repository and you can see that the admin created a other subdomian
4.-search in postgres
5.-Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated) - PHP webapps Exploit
image