Solving TryHackMe's "Vulnerability Capstone" Room - A Complete Walkthrough
Emanuele

Emanuele @shadownet0110


Publish Date: Jun 13

Introduction
In this post, I’ll walk you through my experience solving the Vulnerability Capstone room on TryHackMe. This room is the final challenge in the Vulnerability Research module and is designed to test your ability to identify, research, and exploit real-world vulnerabilities.

Step 1: Initial Reconnaissance
Before diving into exploitation, we need to gather information about the target system. Start the Machine first and then your AttackBox. We'll be using a tool called nmap. After everything is correctly loaded, let's jump into the Kali terminal and start scanning the target machine, which has the IP 10.10.56.68. I used the following command:

nmap -sV -sC -T4 10.10.56.68 -vv

nmap scan

Scrolling down a bit in the terminal, we find the juicy information we were looking for on the first try.

nmap scan 2

Now we can answer the first group of questions that we have.

quest 1

For the other part of this task I'll switch to a tool called GOOGLE (it's free, and you can invoke it right in your web browser ;) ) and check whether Fuel CMS has any CVEs published.

mitre vulns

This is our next answer in the list, now let's focus on our final task which is the flag capturing.

QUICK TIP! You are already in your browser, so why not visit 10.10.56.68?!

That's right, but one more thing: in the nmap output we noticed a txt file hiding. Visiting its path in the browser reveals another web location to look at.

txt file

Let's visit the fuel path then.

login form

A login form, interesting. I've investigated the source code, but no details were found about a potential username. We have to exploit manually via the CVE we discovered previously. After doing some searching, we copy and paste this exploit into a new file: https://gist.github.com/anir0y/8529960c18e212948b0e40ed1fb18d6d#file-fuel-cms-py

Let's use nano to put that into a file with a .py extension:

nano exploit.py

exploit pasted

Save it and run it with the python3 command:

command

python3 exploit.py 10.10.56.68

exploit run

Ok, we need to set up, in another terminal window, a NetCat session ready to get the reverse shell from the Fuel CMS, like so.

netcat session

Back in the exploit terminal window, let's input shell_me and give ATTACKBOX_IP:4444 as the attacker IP and port to listen on.

exploit successful

After receiving the reverse shell to the application, it's an easy win to score the flag, since the path is in the question! THM{ACKME_BLOG_HACKED} is our final answer and that's all folks!

flag
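Seen from the target host, the reverse shell in this step is a socket owned by the web server's service account that the server itself opened outbound. The following is an added example, not part of the original post, that flags such sockets in `ss -H -tnpe`-style output; the sample lines, the uid 33 (www-data) account, the peer address and the allowlist are constructed assumptions.

```python
import re

# Assumptions (not from the post): the web server runs as uid 33 (www-data on
# Debian/Ubuntu), serves on 80/443, and legitimately talks only to a local DB.
WEB_UID = 33
SERVICE_PORTS = {80, 443}
ALLOWED_PEERS = {("127.0.0.1", 3306)}

# Constructed sample in the style of `ss -H -tnpe` output (ss omits uid for root).
SAMPLE = """
ESTAB 0 0 10.10.56.68:80 10.10.14.7:51544 users:(("apache2",pid=812,fd=11)) uid:33 ino:30211 sk:1a <->
ESTAB 0 0 127.0.0.1:40112 127.0.0.1:3306 users:(("apache2",pid=812,fd=12)) uid:33 ino:30240 sk:1b <->
ESTAB 0 0 10.10.56.68:48122 10.10.14.7:4444 users:(("sh",pid=2301,fd=0)) uid:33 ino:30377 sk:1c <->
ESTAB 0 0 10.10.56.68:22 10.10.14.7:40022 users:(("sshd",pid=990,fd=4)) ino:30102 sk:1d <->
"""

LINE = re.compile(
    r"^ESTAB\s+\d+\s+\d+\s+(?P<lip>\S+):(?P<lport>\d+)\s+"
    r"(?P<rip>\S+):(?P<rport>\d+)\s+(?P<rest>.*)$")

def parse(line):
    """Turn one established-socket line into a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    uid = re.search(r"\buid:(\d+)", m["rest"])
    procs = re.findall(r'\("([^"]+)",pid=(\d+)', m["rest"])
    return {"local": (m["lip"], int(m["lport"])),
            "peer": (m["rip"], int(m["rport"])),
            "uid": int(uid.group(1)) if uid else 0,
            "procs": [(name, int(pid)) for name, pid in procs]}

def suspicious_outbound(lines):
    """Sockets owned by the web account that are neither served traffic nor allowlisted."""
    hits = []
    for line in lines:
        conn = parse(line)
        if conn is None or conn["uid"] != WEB_UID:
            continue
        if conn["local"][1] in SERVICE_PORTS:  # a client connected to the site
            continue
        if conn["peer"] in ALLOWED_PEERS:      # expected backend connection
            continue
        hits.append(conn)
    return hits

if __name__ == "__main__":
    for hit in suspicious_outbound(SAMPLE.splitlines()):
        print("web account opened outbound socket:", hit["peer"], hit["procs"])
```

Keying on the socket owner's uid rather than the process name keeps the check valid when the shell is a child process with a different name.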

💡 Final Thoughts:
The "Vulnerability Capstone" room was more than just a challenge—it was a mini red-team engagement that tested my technical skills and problem-solving mindset. If you're looking to solidify your pentesting fundamentals, this room is a must-try.
