MHCyber

A Cybersecurity student's website

THM-Simple CTF

Description-Beginner level ctf

Difficulty-Easy

Link-https://tryhackme.com/room/easyctf

Enumeration

I started with a nmap scan using the tags ‘-A’ and ‘-T4’ which would give me a quick thorough scan of the machine

I then went through the ftp server logging in as anonymous and retried the ForMitch.txt file. This file talks about someone called Mitch who is using a weak password for their login, so maybe we can bruteforce the ssh using this information.

I am also going to use gobuster on the website to see if we can find any hidden web directories. This allowed me to find the /simple directory.

Getting User

The /simple/ shows a webpage showing that an install for cms made simple was successful, so lets try to find out what version this is and if its vulnerable to anything. After looking at the bottom of the page I found that the version is 2.2.8 and with this information I found that there is a cve for this version ‘CVE-2019-9053’.

I used this script https://gist.github.com/pdelteil/6ebac2290a6fb33eea1af194485a22b1 and changed some of the code to get it working correctly. It took awhile to crack the password so I recommend just leaving it to do its thing for awhile. Eventually the program will complete and we will be given a password however if that doesn’t work and you only have the salt and the hash then you can use this command to get it “hashcat -O -a 0 -m 20 HASH:SALT /usr/share/wordlists/rockyou.txt“. You can then login to ssh using these credentials we founds.

Once in I can read the user flag and enter it.

Privilege escalation

This part was a bit easy however this ctf is supposed to be easy. So to start I used the “sudo -l” command to see what I could run as root. This showed me that I could run vim and using GTFOBins I found an appropriate command that would escalate my privileges to root!

From here you can cd to the root directory and read the root flag!

Overall this box is a very easy one however the it gives an introduction to finding exploits that you can utilise so I think its a great box for anyone who is starting out.

matthewhcyber

, ,
, , , , ,

Leave a comment