Certified Defensive Security Analyst by Academy. Get started now!
Investigation is a Linux box rated as medium difficulty, which features a web application that provides a service for digital forensic analysis of image files. The server utilizes the ExifTool utility to analyze the image, however, the version being used has a command injection vulnerability that can be exploited to gain an initial foothold on the box as the user `www-data`. By analyzing logs found in a Windows Event logs file, it is possible to escalate privileges to the user `smorton`. To achieve the final goal of gaining root access, the user must reverse engineer a binary that can be run by the user `smorton` with sudo access and then exploit it to elevate privileges to root.