let's get into the writeup, firstly deploy the machine after that making some Nmap scan to find the useful information.

From the Nmap result, I came to know that 3 ports are open which are ports 22, 80, and 8000.

I opened port 8000 in the browser which results out in the Bolt website. On further findings on the website username and password got leaked out.

From the above two pictures, we got a username and password.

On further digging, I got a login page /bolt/login.

I make use of the gathered username and password to log in which made successful login. After successful logon, I found a version of Bolt (Bolt 3.7.1)

Usually, if the version leaked out we have to do vulnerability scanning or ExploitDb on the version.

I came to know that the vulnerability for this Bolt version is Remote Code Execution.

Remote Code Execution:

Remote code execution is a type of cyber-attack in which an attacker can remotely execute commands on another person’s computing device.

RCEs are typically caused by malicious malware downloaded by the host and can occur regardless of the device’s geographical location.

I fired up the Metasploit console then started the exploitation process.

I use the exploit module which is exploit/unix/webapp/bolt_authenticated_rce

Then I enabled LHOST, RHOST, USERNAME, PASSWORD, and SESSION. Then start to exploit you would get into the target machine.

Then shown in the above image try to change the directory to the home and you got the flag.