Machine Synopsis
Dump is a Hard-difficulty Linux machine featuring a custom PHP web application that can create packet captures and upload and download `pcap` files. The machine demonstrates command argument injection through file naming to obtain initial remote code execution as `www-data`. Enumeration of the system reveals a `sudo` rule for `tcpdump` that can be abused to write arbitrary files to the system and to bypass AppArmor security policy restrictions. With arbitrary file writes, players can write malicious Message of the Day configurations that execute as root during system login.
Machine Matrix