Simple CTF

This lab involves gathering data and locating a flag.

First thing I’m going to do is scan the machine and see what available ports are open

We located a few juicy open ports (ftp/http/ssh)

Seems to be running an Apache service on port 80

Next I'm going to run Gobuster against this machine

Navigating to /simple, we are presented with a CMS

Bottom of the page states “This site is powered by CMS Made Simple version 2.2.8”

The CVE we are going to utilize is CVE-2019-9053

https://www.exploit-db.com/exploits/46635

Downloaded the exploit and attempted to run it

Looks like we’ll need some arguments with it

After troubleshooting for some time, I was able to narrow down that python2 is required for this to work properly.

Then I ran into an issue where “requests” was needed, so I installed it with the command sudo apt-get install python-requests

It then required a module called termcolor, which I installed using sudo apt-get install python-termcolor

Ran it again and boom!

The password we get is secret

From here we have a username (mitch) and a password (secret).

Let's go ahead and log in with SSH

Had to add a -p argument since SSH is running on port 2222

In the home directory we find another user

From here we want to elevate privileges.

Running sudo -l we see that Vim can run

Off to GTFOBins we go!

From there we find we can run the command to get a root shell

sudo vim -c ':!/bin/sh'
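
The sudo rule behind that last step is something an administrator can catch before anyone abuses it. The following is an added example, not part of the original walkthrough: it audits the text printed by sudo -l and flags entries that grant an editor or pager able to spawn a shell. The sample listing, the host name and the program list are constructed for illustration.

```python
import os
import re

# Illustrative subset of programs that can run a shell or arbitrary commands
# from inside themselves (assumption: extend this list for your environment).
SHELL_ESCAPE = {"vim", "vi", "less", "more", "man", "find", "awk",
                "nano", "ed", "python", "perl"}

# Rule lines look like "    (root) NOPASSWD: /usr/bin/vim, /usr/bin/less"
ENTRY = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, NOEXEC:, ...

def audit_sudo_listing(text):
    """Return (runas, command, nopasswd, reason) for each risky rule."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, Defaults line or blank line
        rest = m.group("rest")
        tag_match = TAGS.match(rest)
        tag_str = tag_match.group(0) if tag_match else ""
        nopasswd = "NOPASSWD:" in tag_str
        # Simplification: commands are split on commas; escaped commas
        # inside command arguments are not handled.
        for cmd in rest[len(tag_str):].split(","):
            cmd = cmd.strip()
            if not cmd:
                continue
            program = cmd.split()[0]
            if program == "ALL":
                findings.append((m.group("runas"), cmd, nopasswd, "unrestricted"))
            elif os.path.basename(program) in SHELL_ESCAPE:
                findings.append((m.group("runas"), cmd, nopasswd, "shell-escape"))
    return findings

# Constructed sample of `sudo -l` output (not captured from the lab machine).
SAMPLE = """\
Matching Defaults entries for mitch on host:
    env_reset, mail_badpass

User mitch may run the following commands on host:
    (root) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/systemctl status apache2
"""

if __name__ == "__main__":
    for runas, cmd, nopasswd, reason in audit_sudo_listing(SAMPLE):
        print(f"{reason}: {cmd} as {runas} (NOPASSWD={nopasswd})")
```

Where a user only needs to edit specific files as root, sudoers supports sudoedit, which runs the editor as the invoking user rather than as root.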