Multimaster
Multimaster
Multimaster 232
Multimaster
RETIRED MACHINE

Multimaster

Multimaster - Windows Windows
Multimaster - Insane Insane

4.4

MACHINE RATING

2733

USER OWNS

2435

SYSTEM OWNS

07/03/2020

RELEASED
Created by MinatoTW & egre55

Machine Synopsis

Multimaster is an insane difficulty Windows machine featuring a web application that is vulnerable to SQL Injection. This vulnerability is leveraged to obtain the foothold on the server. Examination the file system reveals that a vulnerable version of VS Code is installed, and VS Code processes and found to be running on the server. By exploiting debug functionality, a shell as the user `cyork` can be gained. A password is found in a DLL, which due to password reuse, results in a shell as `sbauer`. This user is found to have `GenericWrite` permissions on the user `jorden`. Abusing this privilege allows us to gain access to the server as this user. `jorden` is be member of `Server Operators` group, whose privileges we exploit to get a SYSTEM shell.

Machine Matrix

Ready to start your
hacking journey?