Vulnerability Capstone — Tryhackme

First I scanned my given target after I got useful information.

What is the name of the application running on the vulnerable machine?

Fuel cms

What is the version number of this application?

1.4

What is the number of the CVE that allows an attacker to remotely execute code on this application?

Format: CVE-XXXX-XXXXX

CVE-2018–16763

Download the exploit and made modifications of the URL to your target IP.

searchsploit fuel cms 1.4

Type this in the terminal and displays remote code execution information and must download that.

searchsploit -m linux/webapps/47138.py and this command download the exploit in your machine.

After running the exploit start listener and navigating to the home directory you got the flag.