Eureka

Retired machine
OS: Linux
Difficulty: Hard

Machine rating: 4.4
User owns: 2135
System owns: 2004
Released: 26/04/2025
Created by Spectra199

Machine Synopsis

`Eureka` is a hard-difficulty Linux machine centered on `Spring Boot` microservices and service-discovery misconfigurations. Initial access is gained by exploiting an exposed `/actuator/heapdump` endpoint on the `Furni` web application and retrieving sensitive credentials from the memory snapshot. With SSH access, deeper enumeration reveals a microservice architecture in which `Furni` delegates authentication to a `user-management-service`; both services sit behind a Spring Cloud Gateway and are registered in Eureka. The attacker abuses Eureka's insecure registration to introduce a fake `USER-MANAGEMENT-SERVICE`, tricking the gateway into routing real login traffic to it and capturing valid credentials. Privilege escalation comes from analyzing a log-analysis script that runs as root and parses HTTP status codes from `application.log` unsafely. Injecting a crafted payload into `application.log` yields arbitrary command execution as root and complete compromise of the system.
