Welcome to the Exploitation CTF 1 lab in the eJPT course. Let’s get started!
Attacker IP: 192.6.156.2
Target IPs: target1.ine.local - 192.6.156.3
target2.ine.local - 192.6.156.4
Credentials: admin:password1
OK, so per the task we're going after a web app, and we've been given some credentials for later. Let's run our nmap scan and get started.
nmap -sV -sC 192.6.156.3
Starting Nmap 7.94SVN ( https://nmap.org ) at 2026-01-14 02:55 IST
Nmap scan report for target1.ine.local (192.6.156.3)
Host is up (0.000026s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 21:24:4c:9e:7b:6b:7f:b9:ff:35:fd:b7:72:e9:b3:c2 (RSA)
| 256 32:b1:fc:9d:50:e4:3c:28:ee:18:16:2f:73:91:0a:13 (ECDSA)
|_ 256 e0:51:b7:4f:d0:b1:a3:35:88:5b:51:4e:b9:53:59:1a (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-title: Homepage
| http-robots.txt: 4 disallowed entries
|_/acp/ /core/ /lib/ /modules/
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-generator: flatCore
MAC Address: 02:42:C0:06:9C:03 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
From our scan (the http-generator line) and based on what the task is telling us, we should clue in on this flatCore content management system.
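The same port 80 output doubles as a hardening checklist for whoever runs this server. The Python sketch below is an added example, not part of the original walkthrough: it parses the NSE script lines from the scan above and maps each disclosure to a fix. It assumes NSE script names are lowercase and contain a hyphen, which is how it tells them apart from sub-lines once indentation is lost.

```python
import re

# Port 80 section copied from the scan output above (http-title line omitted).
SCAN = """\
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
| http-robots.txt: 4 disallowed entries
|_/acp/ /core/ /lib/ /modules/
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-generator: flatCore
"""
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s")
# Assumption: NSE script names are lowercase and contain a hyphen.
SCRIPT_RE = re.compile(r"^\|[_ ]\s*([a-z0-9]+(?:-[a-z0-9.]+)+):\s*(.*)$")

def parse_scripts(text):
    """Return {port: {script_name: [output lines]}} from nmap normal output."""
    results, port, script = {}, None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        m = PORT_RE.match(line)
        if m:
            port, script = int(m.group(1)), None
            results[port] = {}
        elif port is not None and line.startswith("|"):
            m = SCRIPT_RE.match(line)
            if m:
                script = m.group(1)
                results[port][script] = [m.group(2)] if m.group(2) else []
            elif script:
                # Continuation line: strip the "|", "|_" and indentation prefix.
                results[port][script].append(line.lstrip("|_ "))
    return results

def disclosure_findings(scripts):
    """Map one port's script output to the fixes a defender would apply."""
    cookies = scripts.get("http-cookie-flags", [])
    # The cookie name is the line just before the "flag not set" line.
    out = [f"cookie {prev.rstrip(':')}: set HttpOnly (PHP: session.cookie_httponly=1)"
           for prev, line in zip(cookies, cookies[1:]) if "httponly flag not set" in line]
    paths = [p for l in scripts.get("http-robots.txt", []) for p in l.split() if p.startswith("/")]
    if paths:
        out.append("robots.txt advertises " + " ".join(paths) + ": protect these with authentication")
    for hdr in scripts.get("http-server-header", []):
        if re.search(r"/\d", hdr):
            out.append(f"Server header '{hdr}' leaks the version: set ServerTokens Prod")
    for gen in scripts.get("http-generator", []):
        out.append(f"generator '{gen}' is disclosed: drop the tag and track {gen} advisories")
    return out
```

Calling `disclosure_findings(parse_scripts(SCAN)[80])` returns four findings: the PHPSESSID cookie flag, the robots.txt paths, the Apache version banner and the flatCore generator tag.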

We can use searchsploit to look for known flatCore vulnerabilities:
searchsploit flatcore
--------------------------------------------------------
Exploit Title | Path
--------------------------------------------------------
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated) | php/webapps/50262.py
FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS) | php/webapps/51068.txt