TryHackMe Simple CTF | Full Walkthrough

In this video, we tackle a classic TryHackMe Capture The Flag room focused on real-world content management system exploitation. We start with a standard Nmap version scan to map out the attack surface and open ports. Next, we run Gobuster to uncover hidden web directories, leading us to an instance of CMS Made Simple. After researching the platform, we discover a known SQL injection vulnerability and deploy an exploit script to pull back a username, an encrypted password hash, and a salt. To keep it completely real, I show you how to pivot and use Hashcat to manually crack the salted hash when default scripts fail. Finally, we log into the system, capture our flags, and execute a smooth privilege escalation to claim root access. 0:50-------Nmap scan deployed 1:35-------Gobuster to discover hidden directories 2:00-------Exploring the discoveries 2:50-------Researching the CMS version 3:40-------Using searchsploit to find the exploit 4:40-------Finding the right version 6:00-------Executing the exploit 8:15-------Credentials discovered 8:25-------Alternate way to decode a hash 10:00-----SSH Login Attempt 11:12-----Using vim to escalate privileges Disclaimer: This video is for educational purposes only. All software, logos, and trademarks shown in this video belong to their respective owners; their appearance does not imply endorsement or affiliation. The use of these materials is intended under Fair Use for educational and instructional purposes. All demonstrations and experiments were conducted within private, controlled environments. The author assumes no responsibility for any misuse of the information provided or for any actions taken by viewers outside of these instructional parameters.