EXPLOITING DRUPAL VIA METASPLOIT — CTF WALKTHROUGH

Jul 6, 2021

From research, we know that Drupal is vulnerable. One can search Exploit-DB, which lists several exploits. I used the Metasploit Drupalgeddon exploit for this case.

Open the Metasploit console by typing msfconsole in your terminal.

Search for the Drupal module in Metasploit.

We make use of the drupalgeddon2 exploit in Metasploit.

We then set the options to our preferred values, which for me are as follows:

We then run the exploit.

We then run basic commands to find out who we are and which directory we are working in.

Showing all files without listing, we see a file called okc, which we identified as a script in the previous listing. Cat the script to see what it holds, after which you can run it. Our script gives us root access.

Run the script and gain root access.

With root access, we find the flag either by listing the directories or by using the find command.

Submit your flag!
