Welcome amazing hackers I came up with another cool article which is Tryhackme simple CTF writeup.
Without wasting any time let’s get into it. After Deployment I started to scan the target.
I found a list of useful information from scanning the target. Then I use the Gobuster tool for finding useful directories.
From Gobuster I found out /simple directory.
After looking into /simple directory I found it an interesting thing !!!
The site named CMS Made simple I further checked whether the version was disclosed on the website finally I found it.
I checked CVE for this version in Google.
Finally, I found an exploit for this version in exploit-db.com.
Downloaded and executed that exploit.
We must install the required libraries for executing the exploit.
After executing the exploit I found hash for password and salt.
I use the Hashcat tool for cracking the password.
Finally, I found the password secret. Then I log in it via ssh with a found password.
Then I found a flag user.txt.
At last, we found the root flag by spawning the shell.