HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Armageddon is an easy difficulty machine. An exploitable Drupal website allows access to the remote host. Enumeration of the Drupal file structure reveals credentials that allows us to connect to the MySQL server, and eventually extract the hash that is reusable for a system user. Using these credentials, we can connect to the remote machine over SSH. This user is allowed to install applications using the `snap` package manager. Privilege escalation is possible by uploading and installing to the host, a malicious application using Snapcraft.
Machine Matrix