Bolt

Scanning

Lets run some nmap scans to find open ports and services

Enumeration

Lets visit the website running on port 8000

Looks like CMS bolt is running on this port. We also have the username Bolt. Looking through the site, we can also see another username and a password

We usually find the login page of Bolt CMS pages in the /bolt page, so lets check it out.

Lets login with the credentials we found

Looking at the bottom corner of the page, we see the Bolt version running on the machine.

Exploitation

Lets now go to Exploit-db and look for exploits on this version

We have one, lets look at it

Now lets open Metasploit and look for this exploit, then lets set the options.

Now lets set the last options and run the exploit and get the flag

We have the flag.