HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Carpediem is a hard difficulty Linux machine that focuses on enumeration, web exploitation, VoIP, network sniffing and container breakout. Initial foothold is obtained by abusing some still-in-development functions in a custom built web application, gaining access to an administrative dashboard where a web shell can be uploaded by modifying a POST request, resulting in arbitrary code execution inside a Docker container. Enumeration of Trudesk tickets leads to VoIP credentials, which in turn allow to retrieve a user password by listening to a voicemail message, resulting in low-privileged SSH access to the system. Sniffing TLS-encrypted traffic, which can be decrypted using a world-readable private key file, reveals credentials to access an internal instance of Backdrop CMS, where remote command execution on a second container can be obtained by uploading a custom module. A cron job running with `root` privileges can be exploited to escalate privileges inside the container, and finally escape the container by exploiting CVE-2022-0492, obtaining `root` access to the host.
Machine Matrix