Pilgrimage
Pilgrimage
Pilgrimage 549
Pilgrimage
RETIRED MACHINE

Pilgrimage

Pilgrimage - Linux Linux
Pilgrimage - Easy Easy

4.5

MACHINE RATING

13116

USER OWNS

11531

SYSTEM OWNS

24/06/2023

RELEASED
Created by coopertim13

Machine Synopsis

Pilgrimage is an easy-difficulty Linux machine featuring a web application with an exposed `Git` repository. Analysing the underlying filesystem and source code reveals the use of a vulnerable version of `ImageMagick`, which can be used to read arbitrary files on the target by embedding a malicious `tEXT` chunk into a PNG image. The vulnerability is leveraged to obtain a `SQLite` database file containing a plaintext password that can be used to SSH into the machine. Enumeration of the running processes reveals a `Bash` script executed by `root` that calls a vulnerable version of the `Binwalk` binary. By creating another malicious PNG, `CVE-2022-4510` is leveraged to obtain Remote Code Execution (RCE) as `root`.

Machine Matrix

Ready to start your
hacking journey?