Moderators
Moderators
Moderators 485
Moderators
RETIRED MACHINE

Moderators

Moderators - Linux Linux
Moderators - Hard Hard

2.5

MACHINE RATING

845

USER OWNS

724

SYSTEM OWNS

06/08/2022

RELEASED
Created by kavigihan

Machine Synopsis

Moderators is a hard Linux machine that features a blog, which holds security reports. Through Insecure Direct Object Reference (IDOR) undisclosed reports can be found, which lead to a log page where it is possible to upload PDF files. Using basic filter bypasses it's possible to upload a PHP shell and gain access as `www-data`. A WordPress site can then be found running internally on port 8080. The site contains two plugins, `brandfolder` and `password-manager`, the former of which has a Local File Inclusion vulnerability, exploitation of which leads to a shell as the `lexi` user. An SSH key can be found in the WordPress database, which needs to be cracked from the `password-manager` plugin. Modifying said plugin allows for the SSH key to be decrypted, yielding access to a second user called `john`. In the second user's home folder there is a Virtual Disk Image (.vdi) file, which is encrypted. Using a `.vbox` password cracker the password can be recovered. On the disk there is a LUKS encrypted file system which can also be brute forced by using a bash script. Once decrypted, the file system contains scripts, one of which holds the password to the second user. The password can be used to run any command with sudo.

Machine Matrix

Ready to start your
hacking journey?