Description

Obtain RCE on the host library.edu.stf (10.124.1.233).

To get the flag, run the script /home/rceflag.

First, we need to add library.edu.stf 10.124.1.233 to the /etc/hosts file.

Then, browsed to library.edu.stf and it was a WordPress site.

Notice that there was a link to library at the bottom of the page.

We landed on a feature that appears to be a file directory

Typically, we would need to identify vulnerabilities in this WordPress plugin through manual research or automated tools like wp-scan. We might also attempt to upload a webshell manually or find ways to bypass the file upload restrictions.

However, since the hints already tell us it's related to CVE-2023-2068, we can proceed directly to Metasploit to search for an available exploit module.