This works for python3 but you have to add ( ) brackets to every line that starts with print or cprint. Luckily, there are only 4-5 lines that need this. For example, the script might say: print "blah blah" __ these need to be changed to say: print ("blah blah")

Excellent video DarkSec! Thank you very much because it helped me to tackle this task with confidence and whole-understanding.

thanks! was very helpful. Greetings from Argentina!

Your challenge helps me to learn lots of new things. Thank you so much.

love the walkthroughs, but is it possible to see what you do when you go on the breaks... often times, we get stuck too there and we dont actually see what happened... for example, the cve with the whole python2 and python 3 thing. would have loved to see if we could have ran that python3 and what we needed to do... but maybe that cve doesnt work on python3. Thanks again!

Hey Dark, great video!. Just yesterday I did the same room, but I had problems with the installation of the termcolor because, as u know, python2 is no longer maintained. So, I couldn't install that. What I did as a walkthrough was editing the code to change a few things to make it available for python3. and it worked. !! Good luck and keep doing it !!

How did you guess immediately that you'll need to use an sqli vulnerability?

Dark keep it up 💪

Thankyou for the vid! Is this supposed to be the most simple CTF on TryHackMe? There seems to be a lot of prequired knowledge in here before you could get close to tackling it. What would you suggest learning first to be able to do these CTFs? I have a good understanding of the linux fundamentals, know about nmap, but every CTF there seems to be something unknown. Any help much appreciated! Cheers!

you made me question my brain existence

Great video! It's very informative. It requires a lot of knowdlege about tools which and how to use. Thanks for showing the way.

if somebody get stuck on python2 version issue, just open the exploit file and replace all print statements with print(), and all good.

First I went to IP/simple/admin which directed me to a login page, then I used the forgot password functionality to find that there was a user named mitch, finally I used burpsuite intruder to find the password as secret. I didn't even try the exploit as I had already discovered all this before even needing to look for one. I remembered the text to mitch saying the password was weak so I just thought a simple brute force would be sufficent.

Great Content love learning this !

600th view! And thank you for making this video

how did u know that data that u got from exploit CMS was tha same data to enter on SSH, because CMS data was a data to enter on interface web

i cant run ls command it enters passive mode and even if i disable it, it just says no connection

I have wifi connexion in my pc but the vm in tryhackme won't work , any solution please

Thanks man 🖤👏

good stuff dark!!

modified the cve and every print or cprint close with () run it with python3 e.i. print ("work") or cprint ("work")

I found it easier to update the python script to python3. It ran fine in Kali.

nice video however i wasn't able to run the exploit with python2 so I converted the code to python3 by adding () to the prints

i got a "Entering Extended Passive Mode (|||40556|)" when trying to 'ls' after ftp(IP). everything looks the same as his, but it tries to open on port 40556. what am i doing wrong?

Appearently the exploit doesn't work anymore, it just spits out "111111111111111111....." for the username until you stop it :/

thank you sir

ive tried installin python2 -m pip install termcolor and didnt workit... it is in python3 but python3 doesnt work with this cve

Where’d you get ip from still so confused

i am unable to scan the ip using nmap can someone help me? i am trying to scan it from my parrot virtualmachine

it gave me a UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 923: invalid continuation byte! , can anyone help me with it?

I tried using the python2 exploit file but it wasn't working 😭 someone should send help

This exploit is not working on my machine every time i run script it give me some random Salt for password username and email and password.

Video would be better if you normalized the audio, it's hard to hear clearly at times. Also, could you select the text when you are mentioning something on the code? Thanks!

Dark 😁 remember me? 😅

I had to use the password you brute forced the python script never ran for me. it would go through the steps and then NOT display the output. and I've never seen a priv esc with vim before so that was cool. Thanks for the help

the exploit dont show username, password and email