Scanned is an Insane Linux machine that starts with a webpage of a malware scanning application. The source code for both the web application and a sandboxing application is available for review through the webpage. A potential attacker will have to review the source code and trace some minor coding mistakes that, combined, could lead to a full system compromise. An attacker can exploit these mistakes and craft a binary that can bypass the sandbox and leak sensitive information from the remote machine. The attacker can retrieve a password hash that, once cracked, reveals a valid SSH password for the user `clarence`. Once the attacker has proper access to the remote machine, enumerating possible privilege escalation paths yields no fruitful results. So, they have to reuse the context of the original foothold to exploit the `chroot` mechanism of the sandbox by hijacking a library used by a SUID binary. Through this exploitation process, an attacker can create a backdoor on the system and gain `root` privileges.