Tuesday, 10 July 2018

Exploiting Monstra CMS 3.0.4

The last time I tried a HackTheBox CTF, I found that one of the machines had Monstra CMS installed. Because a few bugs are already publicly disclosed for that CMS [1,2,3], I decided that it would be a good idea to do another "quick autopsy"... Here we go.

I found Monstra CMS here:

To install this CMS I used Ubuntu 14 and VirtualBox. (As far as I know, you should enable mod_rewrite - a2enmod rewrite - and restart the Apache server.)

When your environment is ready, Monstra is waiting for you ;)

In my proof-of-concept I used the same credentials that I found on the HTB machine - the 'default' ones. ;]
To use it, we also need to prepare a ZIP file (with our shell in PHP). The zipped file should be in the same directory as the PoC code.

After a while you should receive results similar to those presented below:

On your Ubuntu server you should now see a new plugin folder created (under <monstra>/tmp/), see below:


As for creating a meterpreter session - I will leave that to you as an exercise ;)


