Tonight, I decided to go into a CTF box. I’ve been watching tons of CTF videos by John Hammond and The Cyber Mentor, so it was a logical step in trying to pwn a new box on Try Hack Me.
The tutorial was rather vague. I wasn’t sure why it was asking about port 1000, since NMAP was only showing other ports. For that question of how many services were running on port 1000, I simply took a guess and got it right.
To start owning the box, I did the standard NMAP and directory scanning. The Gobuster results were fairly quick, and showed a directory that revealed a service being run called CMS Made Simple. It was pretty easy to find an exploit… I googled “exploit CMS made simple.” This revealed the CVE number, and a python script.
The python script (after making it executable) had some errors. It turns out that I didn’t have some required imports for the script. After a pip install, it actually ran.