Machine Synopsis
Bagel is a Medium Difficulty Linux machine that features an e-shop vulnerable to a path traversal attack, through which the source code of the application is obtained. The same traversal is then used to download the `.NET` WebSocket server, which once decompiled reveals plaintext credentials. Further analysis reveals an insecure deserialization vulnerability in the server, which is leveraged to read arbitrary files, including a user's private `SSH` key. The key provides a foothold on the machine, after which the previously discovered password is used to pivot to another user, who can run the `dotnet` tool with `root` permissions. This misconfiguration is used to execute a malicious `.NET` application, leading to fully escalated privileges.
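The deserialization step in the synopsis comes down to a server that lets the client choose which .NET type gets instantiated, next to an application class with a file-reading side effect. The following is an added illustration written for this page, not code from the Bagel machine: the `FileRecord` and `Order` classes, the `Handler` methods, the use of Newtonsoft.Json `TypeNameHandling`, and the demo path `/etc/hostname` are all assumptions. It puts the vulnerable handler beside a hardened one that deserializes into a single concrete type and ignores type discriminators from the wire.

```csharp
// Added illustration, not source from the Bagel machine. Class names, the
// "Order" message shape, the Newtonsoft.Json settings and /etc/hostname
// are assumptions made for this example.
using System;
using System.IO;
using Newtonsoft.Json;

namespace DeserDemo
{
    // Assumed application type: setting ReadFile reads that path from disk,
    // and serialising the object back echoes the contents. A setter with a
    // side effect like this is what turns type confusion into a file read.
    public class FileRecord
    {
        private string _content = "";
        public string ReadFile
        {
            get => _content;
            set => _content = File.ReadAllText(value);
        }
    }

    // Assumed legitimate message the WebSocket endpoint expects.
    public class Order
    {
        public string Item { get; set; } = "";
    }

    public static class Handler
    {
        // Vulnerable: TypeNameHandling.All honours a client-supplied "$type",
        // so a message naming FileRecord makes the server read any file it can.
        public static string HandleVulnerable(string json)
        {
            var settings = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.All };
            object msg = JsonConvert.DeserializeObject<object>(json, settings);
            // Echoing the object back (a typical reply) returns the file contents.
            return JsonConvert.SerializeObject(msg, settings);
        }

        // Hardened: deserialise into the one concrete type the endpoint accepts
        // and never honour type names from the wire. Unknown members such as
        // "$type" and "ReadFile" are ignored, so FileRecord is never created.
        public static string HandleHardened(string json)
        {
            var settings = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None };
            Order msg = JsonConvert.DeserializeObject<Order>(json, settings) ?? new Order();
            return JsonConvert.SerializeObject(msg, settings);
        }
    }

    public static class Program
    {
        public static void Main()
        {
            // Constructed attacker message: "$type" names the gadget class and
            // ReadFile names the file to read. The type name is taken from the
            // running assembly so the sample stays self-contained.
            string payload = "{\"$type\":\"" + typeof(FileRecord).AssemblyQualifiedName +
                             "\",\"ReadFile\":\"/etc/hostname\"}";

            Console.WriteLine("vulnerable: " + Handler.HandleVulnerable(payload));
            Console.WriteLine("hardened:   " + Handler.HandleHardened(payload));
        }
    }
}
```

The hardened handler removes the primitive in two independent ways: with `TypeNameHandling.None` the sender can no longer pick the CLR type, and deserializing into `Order` rather than `object` means only that type's members are ever set. When reviewing a .NET service, any non-`None` `TypeNameHandling` on externally supplied input is worth treating as a finding on its own, whether or not a gadget like `FileRecord` is immediately visible in the codebase.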
Machine Matrix