THM - Devie
Mar 20, 2025
A writeup for the room Devie on TryHackMe
A developer has asked you to do a vulnerability check on their system.
Footprinting
We can start by doing a scan with nmap.
There are only two open ports: 22 (SSH) and 5000.
Browsing to port 5000 shows a web application.
The website lets the user perform different math calculations.
The page footer has a link to download the source code.
First flag
Looking closely at the code, we can see a vulnerability: user-supplied input is passed to the eval function.