TheNotebook is a medium difficulty Linux machine that showcases an insecure JWT implementation, which allows unprivileged users to obtain administrative access by forging and signing tokens with arbitrary attributes. This is possible because the private key used for signing tokens is fetched from an external source, which can be easily modified to point to an attacker-controlled location. Once access to the administration panel is obtained, it is possible to upload and execute PHP files, resulting in remote command execution. A private SSH key can then be obtained from a world-readable backup archive, allowing lateral movement to a user that has the privileges to run Docker commands via `sudo`. The Docker version installed on the system is vulnerable to CVE-2019-5736, which allows privilege escalation on the host system.
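
The JWT weakness described above comes down to the token choosing its own key. The following is an added example, not code from the machine or its author: a key selector that maps the token header to a pinned local key and rejects any header-supplied key or key location. It assumes the key reference travels in the token header (`kid`, or the RFC 7515 fields `jku`, `jwk`, `x5u`, `x5c`); the key id, file path and function names are hypothetical.

```python
import base64
import json

# Hypothetical values: key ids this service issued, mapped to local key files.
PINNED_KEYS = {"key-1": "/etc/app/keys/key-1.pub"}
ALLOWED_ALGS = ("RS256",)
# RFC 7515 header fields that embed a key or point at one.
KEY_CARRYING_FIELDS = ("jku", "jwk", "x5u", "x5c")


class UntrustedKeyReference(Exception):
    """The token tried to choose its own verification key."""


def b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def select_verification_key(token, pinned=PINNED_KEYS):
    """Return the local key path to verify `token` with, or raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise UntrustedKeyReference("not a three-part JWT")
    try:
        header = b64url_json(parts[0])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise UntrustedKeyReference("unreadable header") from exc
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise UntrustedKeyReference("algorithm not allowed")
    for field in KEY_CARRYING_FIELDS:
        if field in header:
            raise UntrustedKeyReference(f"header field {field!r} rejected")
    kid = header.get("kid")
    # kid is only a lookup key: a URL or path in it is never dereferenced.
    if not isinstance(kid, str) or kid not in pinned:
        raise UntrustedKeyReference("kid is not a pinned key id")
    return pinned[kid]


def make_token(header):
    """Constructed sample input; the signature part is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'username': 'demo'})}.c2ln"
```

The returned path is the only key the signature check should then be run against, with the algorithm fixed to the allowed one rather than read from the token.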