Machine Synopsis

Feline is a hard difficulty Linux machine that features an Apache Tomcat installation. This hosts a Java application that allows users to upload files of any type. The version of Tomcat 9.0.35 is found vulnerable to RCE via session persistence. After uploading a malicious session file and triggering it, we get a foothold as the Tomcat user. Enumeration reveals that SaltStack is running locally, which suffers from authentication bypass and directory traversal vulnerabilities, leading to RCE. We take advantage of an exposed Docker unix socket file in order to interact with Docker API and escape the container.