->easyctf




User part:



-> Run an Nmap scan





-> 3 ports are open. Let's check the website.





-> Now let's run directory brute-forcing; I found 1 interesting folder.





-> So it is the 'CMS Made Simple' CMS. Let's check the version.





-> I found the version on 1 page.





-> I checked for an exploit and found an SQLi exploit.





-> I ran the exploit and got the password.






-> I tried the credentials over SSH, got a shell, and got the user flag.





Root part:



-> I checked which commands I can run with sudo privileges and got this:





-> GTFOBins gave me an idea of how to exploit it.





-> Now I am root and got the root flag.