HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Atom is a Medium Windows machine that features a hosting of Electron software. The website hosts a windows version of the application (Electron Builder) where a vulnerability in signature validation can lead to remote command execution and thus get a foothold on system as user jason. By capturing the password of Redis service from configuration file it was possible to get the encrypted password of user Administrator. By using exploitation for the PortableKanban the administrator's password can be decrypted and thus login through winrm to the system. <b><u>Note:</u></b> IP target address might differ.
Machine Matrix