Difficulty: Medium
#2025.11.2
Adding the IP to the “/etc/hosts”
sudo nano /etc/hosts
Network enumeration
```
Documents/htb/machine
> nmap -Pn -sV -sC 10.10.11.94
Starting Nmap 7.98 ( https://nmap.org ) at 2025-11-02 11:57 +0800
Nmap scan report for giveback.htb (10.10.11.94)
Host is up (0.31s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 66:f8:9c:58:f4:b8:59:bd:cd:ec:92:24:c3:97:8e:9e (ECDSA)
|_  256 96:31:8a:82:1a:65:9f:0a:a2:6c:ff:4d:44:7c:d3:94 (ED25519)
80/tcp open  http    nginx 1.28.0
|_http-generator: WordPress 6.8.1
|_http-server-header: nginx/1.28.0
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-title: GIVING BACK IS WHAT MATTERS MOST – OBVI
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 200.57 seconds
```
Visiting the webpage

Upon inspecting the page source code, I found that it uses GiveWP for the donation, which is said to be vulnerable, so I began searching for the version in the source code.
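The same page-source check is one a site owner can run against their own pages to see which component versions they disclose. The script below is an added example, not part of the original write-up; the sample markup, its asset paths and its placeholder version strings are constructed, and `give` is assumed to be the GiveWP plugin's directory name.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit
import re

# Constructed sample markup, not copied from the target. "WordPress 6.8.1" is the
# generator value from the scan above; the other version strings are placeholders.
SAMPLE_HTML = """
<head>
<meta name="generator" content="WordPress 6.8.1" />
<link rel="stylesheet" href="/wp-content/plugins/give/assets/give.css?ver=0.0.0" />
<script src="/wp-content/plugins/give/assets/give.js?ver=0.0.0"></script>
<script src="/wp-content/themes/example-theme/app.js?ver=1.2"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</head>
"""

ASSET_RE = re.compile(r"/wp-content/(plugin|theme)s/([^/]+)/")


class DisclosureAudit(HTMLParser):
    """Collect version strings that the page source reveals to any visitor."""

    def __init__(self):
        super().__init__()
        self.found = defaultdict(set)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.found[("core", "generator")].add(a.get("content") or "")
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        if not url:
            return
        parts = urlsplit(url)
        match = ASSET_RE.search(parts.path)
        if match:  # asset served from a plugin or theme directory
            ver = parse_qs(parts.query).get("ver", ["(no ver parameter)"])[0]
            self.found[(match.group(1), match.group(2))].add(ver)


def audit(html):
    parser = DisclosureAudit()
    parser.feed(html)
    return {key: sorted(vals) for key, vals in parser.found.items()}


if __name__ == "__main__":
    for (kind, name), versions in sorted(audit(SAMPLE_HTML).items()):
        print(f"{kind:7} {name:15} {', '.join(versions)}")
```

When an asset is registered without its own version, WordPress appends the core version as `ver`, so a plugin row that shows the core version does not identify the plugin release.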

So I started to search for its CVE and PoC.

Found this. But I wanted to exploit it from Metasploit, so
