Machine Synopsis
`DevArea` is a medium-difficulty Linux machine that chains together several service misconfigurations. Anonymous FTP exposes a Java SOAP application built on `Apache CXF` with the Aegis databinding module, which is vulnerable to an SSRF flaw, CVE-2024-28752. We abuse this to read `/proc/<PID>/cmdline` entries and recover the `Hoverfly` admin credentials from the arguments of a running process. The `Hoverfly` Admin UI is affected by CVE-2025-54123, whose middleware endpoint permits remote code execution and grants a foothold as `dev_ryan`. We then analyze the source of an internal monitoring app, `SysWatch`, whose installation script leaves its environment file world-readable. The leaked secret key lets us forge an admin `Flask` session, and a weak blacklist regex in the service-status feature is bypassed to gain command injection as the `syswatch` user. Finally, we abuse a root-executed log-reading CLI whose symlink validation fails to resolve chained symlinks, leaking the root SSH private key for a full compromise.
Machine Matrix