Horizontall
Horizontall
Horizontall 374
Horizontall
RETIRED MACHINE

Horizontall

Horizontall - Linux Linux
Horizontall - Easy Easy

4.3

MACHINE RATING

16813

USER OWNS

13222

SYSTEM OWNS

28/08/2021

RELEASED
Created by GreyByte

Machine Synopsis

Horizontall is an easy difficulty Linux machine were only HTTP and SSH services are exposed. Enumeration of the website reveals that it is built using the Vue JS framework. Reviewing the source code of the Javascript file, a new virtual host is discovered. This host contains the `Strapi Headless CMS` which is vulnerable to two CVEs allowing potential attackers to gain remote code execution on the system as the `strapi` user. Then, after enumerating services listening only on localhost on the remote machine, a Laravel instance is discovered. In order to access the port that Laravel is listening on, SSH tunnelling is used. The Laravel framework installed is outdated and running on debug mode. Another CVE can be exploited to gain remote code execution through Laravel as `root`.

Machine Matrix

Ready to start your
hacking journey?