HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Backdoor is an easy difficulty Linux machine which is hosting a Wordpress blog with an installed plugin that is vulnerable to a directory traversal exploit. This allows us to read the files in the /proc directory and identify the gdbserver running on one of the ports of the server. An RCE exploit for gdbserver can be used to gain foothold. Further, on analyzing the processes running on the system, it is discovered that a screen session is running with root privileges. Attaching to this screen session leads to root access.
Machine Matrix