Vulnhub Walkthrough – “Simple”

This post is a walkthrough of the hacking of a virtual machine called “Simple”, which is available here:,141/

After booting up the virtual machines and ensuring they were visible to one another, I began with some simple enumeration.  Several Nmap scans resulted in my finding that only port 80 was open.


I loaded up Firefox and checked out the website to find a login panel for CuteNews (v2.0.3).



I did spend a bit of time online researching CuteNews but didn’t get too many results about vulnerabilities or exploits.  Looking further at the actual page itself I decided to register an account.


Once I had done that I saw that on my profile page I had the ability to upload an avatar – or any file I wanted to, actually.  I tested it with a standard web shell.  Within /usr/share/webshells I used one of the PHP reverse shells, copying it to myshell.php and then editing it in Vim.



I set the PORT to call out to as 1234 and entered my Kali IP address.  Within Kali I opened up netcat and listened on this port for a connection.  Within my CuteNews control panel I opened up the web shell I had just uploaded and managed to connect and fall into the shell!
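An added example, not part of the original walkthrough and not CuteNews code: a server-side check of the kind that refuses the avatar upload described above, by validating the extension, the file's magic bytes and its content instead of trusting the client. The function names, the allow-list and deny-list, and the sample bytes are assumptions constructed for illustration.

```python
import os

# Allowed avatar types and the magic bytes each must start with.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}  # hypothetical deny-list


def _parts(filename: str) -> list:
    # Drop any client-supplied directory and normalise case before splitting.
    return os.path.basename(filename).lower().split(".")


def check_avatar(filename: str, data: bytes) -> list:
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    parts = _parts(filename)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in MAGIC:
        reasons.append("extension not allowed: %r" % ext)
    # A script extension anywhere in the name (a.php.png) is refused too.
    if any("." + p in SCRIPT_EXTS for p in parts[1:]):
        reasons.append("script extension in name")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match " + ext)
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons


def stored_name(user_id: int, filename: str) -> str:
    """Name the file server-side so the client never controls the path."""
    return "avatar_%d.%s" % (user_id, _parts(filename)[-1])


# Constructed sample uploads (placeholder bytes, not real files).
SAMPLES = {
    "me.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "myshell.php": b"<?php /* placeholder body */ ?>",
    "pic.gif": b"GIF89a<?php /* placeholder body */ ?>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", check_avatar(name, body) or "accept")
```

Checks like these complement, rather than replace, storing uploads outside the web root or disabling script execution in the upload directory.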

Using Python I spawned a bash shell:


I did some enumeration on the target – tons actually.  I used the excellent “Gotmilk” privilege escalation list (Link:  I did quite a lot around finding files with sticky bits, looking for world writable files, looking into /etc/passwd and whether the shadow file was readable, looking into /var/log and a lot of other things.

I did find that mysql user root had the password of root but this wasn’t useful unfortunately.



Doing research online I discovered a published exploit (Link: which matched up to my kernel version.  This was an overlayfs privilege escalation (CVE-2015-1328).  I downloaded this within the shell on the target machine.


Compiled it: gcc 37292.c -o hacky



When this was executed the exploit was successful and running the id command confirmed that I was now within a root shell!!!




This was a very fun machine and not too complicated, so ideal for beginners.  My thanks go to the author – Robert Winkel.






