
Simple CTF Tryhackme

420 views
Aug 29, 2021
44:50

It is a walkthrough of a room called Simple CTF from TryHackMe. Steps for pwning this machine:

1) Start with an nmap scan (nmap -A -T4 IP).
2) FTP anonymous login was allowed, but I didn't find anything too important there.
3) Port 80 had a directory called simple, which I found through gobuster (gobuster dir -u URL -w /path/to/wordlist/ -x .php,.txt -t 40).
4) A CMS was running (CMS version 2.2.8).
5) Searchsploit tells us that versions less than 2.2.10 have a SQLi vulnerability.
6) Running the exploit (python exploit.py -u HTTP://IP/simple/ --crack -w /path/to/wordlist/).
7) If you run into an error while running the exploit, i.e. errors like "no module named termcolor found", and pip install termcolor is not working, then you have to set up a virtual env (apt-get install python3-virtualenv && virtualenv -p python2 venv && . venv/bin/activate).
8) Then you will get the user and pass, and can log in to the machine using ssh, which is running on port 2222.
9) After logging in, run sudo -l to find what commands the user can run as root without the root password (it was /usr/bin/vim).
10) GTFOBins tells us we can run this: (sudo vim -c ':!/bin/sh')
11) We are root!

If you find this video useful then give it a thumbs up, and if you want to see more videos like this then subscribe to my channel.

Follow me:
Hackthebox: https://app.hackthebox.eu/profile/overview
Tryhackme: https://tryhackme.com/profile
Medium: https://anikatesawhney549.medium.com/
Twitter: https://twitter.com/AnikateSawhney
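The defender's side of steps 9 and 10, as an added example that is not from the video or its author: it parses `sudo -l` output and flags root rules for programs that can spawn a shell. The sample listing, the user `ctfuser`, the host `box` and the short `SHELL_CAPABLE` list are constructed for illustration, and commas inside command arguments are not handled.

```python
import os
import re

# Illustrative subset of shell-capable programs; GTFOBins has the full list.
SHELL_CAPABLE = {"vim", "vi", "less", "more", "man", "find", "awk",
                 "nano", "ed", "env", "perl", "python", "python3"}
RULE = re.compile(r"^\s*\(([^)]*)\)\s*(.+)$")  # "(runas) [TAG:] cmd, cmd"
TAG = re.compile(r"\s*([A-Z_]+):\s*")           # NOPASSWD:, NOEXEC:, ...

# Constructed sample of `sudo -l` output (user and host are made up).
SAMPLE = """\
User ctfuser may run the following commands on box:
    (root) NOPASSWD: /usr/bin/vim
    (root) NOEXEC: /usr/bin/less /var/log/syslog
    (root) /usr/bin/systemctl restart nginx
"""

def audit_sudo_listing(text):
    """Return root rules in `sudo -l` output that amount to a root shell."""
    findings = []
    for line in text.splitlines():
        rule = RULE.match(line)
        if not rule:
            continue  # header lines, Defaults entries, blank lines
        runas = {u.strip() for u in rule.group(1).split(":")[0].split(",")}
        if not runas & {"root", "ALL"}:
            continue
        flags = {"NOPASSWD": False, "NOEXEC": False}  # tags carry forward
        for spec in rule.group(2).split(","):
            while (m := TAG.match(spec)):
                if m.group(1) in flags:
                    flags[m.group(1)] = True
                elif "NO" + m.group(1) in flags:  # PASSWD: / EXEC: reset
                    flags["NO" + m.group(1)] = False
                spec = spec[m.end():]
            spec = spec.strip()
            if not spec:
                continue
            name = os.path.basename(spec.split()[0])
            if spec == "ALL":
                reason = "any command allowed"
            elif name in SHELL_CAPABLE:
                reason = name + " can spawn a shell as root"
            else:
                continue
            findings.append({"command": spec, "reason": reason, **flags})
    return findings

if __name__ == "__main__":
    print(audit_sudo_listing(SAMPLE))
```

A finding with `NOEXEC` set is lower risk, since that tag stops a dynamically linked program from executing further commands; for file editing, sudoers offers `sudoedit`, which runs the editor as the invoking user rather than as root.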
