Encoding
Encoding
Encoding 526
Encoding
RETIRED MACHINE

Encoding

Encoding - Linux Linux
Encoding - Medium Medium

3.3

MACHINE RATING

1376

USER OWNS

1352

SYSTEM OWNS

28/01/2023

RELEASED
Created by kavigihan

Machine Synopsis

Encoding is a Medium difficulty Linux machine that features a web application vulnerable to Local File Read. Through the ability to read arbitrary files on the target, the attacker can first exploit a PHP LFI vulnerability in the web application to gain access to the server as the `www-data` user. They can then discover a script on the server, called `git-commit.sh`, which allows them to commit code as the James user. By inspecting the `utils.php` file, the attacker can discover that the script is run as the `svc` user with sudo privileges. Through a malicious Git hook, the attacker can grab the SSH key for the `svc` user. This user can restart services as the root user through sudo. The attacker could abuse this privilege to execute arbitrary code as root by modifying an existing service file or creating a new one.

Machine Matrix

Ready to start your
hacking journey?