Daily Bugle turned out to be a straightforward box that demonstrates classic Joomla exploitation and privilege escalation via yum. The machine runs CentOS with a vulnerable Joomla instance that makes for quick initial access.
Enumeration
The nmap scan showed three open ports: SSH on 22, HTTP on 80, and MySQL on 3306, though the database was rejecting external connections.
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.6 ((CentOS) PHP/5.6.40)
|_http-generator: Joomla! - Open Source Content Management
| http-robots.txt: 15 disallowed entries
| /joomla/administrator/ /administrator/ /bin/ /cache/
3306/tcp open  mysql   MariaDB (unauthorized)
The HTTP generator tag immediately identified Joomla, and the robots.txt file confirmed an /administrator directory. Browsing to the site showed a Daily Bugle-themed page with an article claiming Spider-Man robbed a bank.
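Seen from the defending side, the same scan output is a list of things the host discloses. The following is an added example, not part of the original write-up: it parses the scan text shown above and labels each disclosure. The finding names and the list of database service names are assumptions made for the example.

```python
import re

# Scan output copied from the write-up above.
SCAN = """\
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.6 ((CentOS) PHP/5.6.40)
|_http-generator: Joomla! - Open Source Content Management
| http-robots.txt: 15 disallowed entries
| /joomla/administrator/ /administrator/ /bin/ /cache/
3306/tcp open  mysql   MariaDB (unauthorized)
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
SCRIPT_RE = re.compile(r"^\|_?\s*([\w.-]+):\s*(.*)$")
DB_SERVICES = {"mysql", "postgresql", "ms-sql-s", "mongodb", "redis"}  # assumed list

def audit(scan_text):
    """Return (port, finding, detail) tuples for information the host discloses."""
    findings, port, in_robots = [], None, False
    for line in scan_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, in_robots = int(m.group(1)), False
            state, service, version = m.group(3), m.group(4), m.group(5)
            # A database port that answers the scanner should be firewalled,
            # even if the server then refuses the login.
            if state == "open" and service in DB_SERVICES:
                findings.append((port, "db-port-reachable", version))
            # Exact version strings let anyone match the host to known advisories.
            if re.search(r"\d+\.\d+", version):
                findings.append((port, "version-banner", version))
            continue
        s = SCRIPT_RE.match(line)
        if s:
            name, value = s.groups()
            in_robots = name == "http-robots.txt"
            if name == "http-generator":
                findings.append((port, "cms-disclosed", value))
            continue
        # Continuation lines of the robots.txt script list the disallowed paths.
        if in_robots and line.startswith("|"):
            admin = [p for p in line.lstrip("|_ ").split() if "admin" in p.lower()]
            if admin:
                findings.append((port, "robots-admin-paths", " ".join(admin)))
    return findings

if __name__ == "__main__":
    for f in audit(SCAN):
        print(f)
```

Each finding maps to a hardening step: suppress the generator meta tag, keep administrative paths out of robots.txt and restrict them by source address, trim service banners, and block 3306 at the firewall.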