ARMAGEDDON WALKTHROUGH 1. Nmap Scan: 2. Gobuster Scan: 3. Then I went to each directory mentioned in the Gobuster scan. /sites include the settings.php that contained the credentials of the database user. use the exploit: exploit/unix/webapp/drupal_drupalgeddon2 in msfconsole to exploit the Drupal vulnerability. Set the appropriate value and run the exploit and we get the meterpreter shell. Username: drupaluser Password: CQHEy@9M*m23gBVj 4. Then run the command: mysql -u drupaluser -h localhost -p -D drupal -e ‘select name,pass from users;’ Password: CQHEy@9M*m23gBVj We got the hash of the admin brucetherealadmin. 5. Next, we create a simple hash.txt file on the desktop and paste the above hash in it. Then use the john the ripper tool to crack it: john hash.txt -w /usr/share/wordlists/rockyou.txt And we got the password for the admin. Username: brucetherealadmin Password: booboo 6. Login ssh and got the user.txt User.txt: 56f8bc6377eca727f22835