EXPLOITING DRUPAL VIA METASPLOIT — CTF WALKTHROUGH
From research, we know that drupal is vulnerable. One can do a search from exploitdb. There are several exploits. I used metasploit drupalgeddon exploit for this case.
Open the metasploit console by typing msfconsole in your terminal
Search for drupal module in metasploit
we make use of drupalgeddon2 exploit using metasploit
we then set our options to our preferred items which for me are as follows
We then run the exploit
We then run basic commands to know who we are and what directory we are working on.
Showing all files without listing, we see a file called okc which on the previous listing we identify as a script. Cat the script to see what it holds after which you can ran it. Our script gives us root access.
Run the script and gain root access.
With root access, we find the flag through either listing the directories or using the find command.
Submit your flag!