TryHackMe Simple CTF [MACHINE]

Machine Name : Simple CTF

Platform : TryHackMe (THM)

Machine Link : https://tryhackme.com/room/easyctf



Question 1 - How many services are running under port 1000?

command : nmap -p 1-1000 <target_ip>


Question 2 - What is running on the higher port?

command : nmap -A <target_ip>


Question 3 - What's the CVE you're using against the application?
Answer - Check The Web Application Service And Version. Search About It In Browser


/* When We Go Through The Web Application,
 We Can See CMS 2.2.8.
 Type The Service And Version Name On Browser */

Question 4 - To what kind of vulnerability is the application vulnerable?
Answer - Read The CVE

Question 5 - What's the password?

use the exploit : https://www.exploit-db.com/exploits/46635

Question 6 - Where can you login with the details obtained?
Answer - We Have Gathered The Username And Password From The Exploit, We Can Use A Service To Login To It (Command Line Service)


Question 7 - What's the user flag?
Answer - When You Have Logged Into The System, You Can Find user.txt In The Desktop

Question 8 - Is there any other user in the home directory? What's its name?
Answer - Yes, There Is Another User In The System

Command : ls /home

Question 9 - What can you leverage to spawn a privileged shell?
Answer - sudo -l

Find A Command Which Allows You To Escalate Privilege (use GTFOBins)

Question 10 - What's the root flag?

Answer - You Can Find The Root Flag From Root Folder
