Attended is an Insane-difficulty OpenBSD machine that covers a variety of concepts: phishing, exploiting CVEs, bypassing outbound traffic restrictions, detecting misconfigurations, and binary exploitation (with an interesting twist in the way the payload has to be delivered). Foothold is gained by exploiting a Vim modeline vulnerability in a text attachment sent as an email message. This results in remote command execution, but since only outbound HTTP traffic is allowed, a workaround based on a simple HTTP client/server application is used. System enumeration leads to a shared directory where `ssh` configuration files can be written and are then executed by another user (`freshness`), which allows arbitrary commands to be run via the `ProxyCommand` configuration directive. An executable binary vulnerable to a stack-based buffer overflow is then exploited to gain code execution as root (on a different host) by delivering a malicious payload through an SSH private key (the vulnerable program is configured as the `AuthorizedKeysCommand` in the `sshd` configuration).
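The shared-directory misconfiguration described above can be audited from the defender's side. The following is an added example, not code from the machine or its write-up: it lists directives in `ssh` client configuration files that make `ssh` run a local command and reports whether other users can write the file or its directory. The sample configuration and the function names are constructed for illustration.

```python
import os
import re
import stat

# ssh_config(5) keywords that can make the ssh client run a local command.
EXEC_KEYWORDS = {"proxycommand", "localcommand", "knownhostscommand"}
# Keyword and argument are separated by whitespace or by a single '='.
DIRECTIVE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample configuration, not taken from the machine.
SAMPLE = """\
Host build
    HostName 192.0.2.10
    ProxyCommand /usr/local/bin/relay %h %p
Host direct
    proxycommand=none
Match exec "test -f /tmp/flag"
    LocalCommand echo connected
"""

def exec_directives(config_text):
    """Return (line_no, keyword, argument) for each command-running directive."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())
        if not m:                      # blank line or comment
            continue
        key, arg = m.group(1).lower(), m.group(2).strip()
        if key in EXEC_KEYWORDS and arg.strip('"').lower() != "none":
            hits.append((no, key, arg))
        elif key == "match" and "exec" in arg.lower().split():
            hits.append((no, "match exec", arg))
    return hits

def writable_by_others(path):
    """True if the file or its directory is group- or world-writable."""
    parent = os.path.dirname(os.path.abspath(path))
    bits = stat.S_IWGRP | stat.S_IWOTH
    return any(os.stat(p).st_mode & bits for p in (path, parent))

def audit(directory):
    """Return (file, line_no, keyword, writable_by_others) per finding."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                for no, key, _ in exec_directives(fh.read()):
                    findings.append((name, no, key, writable_by_others(path)))
    return findings
```

A finding with the last field set to `True` means a user other than the owner can change what `ssh` executes when that configuration is loaded.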