Machine Synopsis
CrossFit is an insane difficulty Linux box featuring an Apache server that hosts the website of a fictional "CrossFit Club" gym. The website makes use of an XSS prevention mechanism that logs the IP addresses and User-Agents of detected XSS attempts. The log is displayed on a web page that is periodically visited by an admin, and it can be used as the source of a Blind XSS attack. CORS is used to enumerate subdomains that accept cross-origin requests, by sending Origin headers and looking for Access-Control-Allow-Origin response headers. This leads to the identification of a virtual host that allows for the creation of FTP users who have permission to upload files to a web directory.
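The Blind XSS path above hinges on a log viewer that renders an attacker-controlled User-Agent into the admin's page without output encoding. The following Python snippet is an added example (not code from the box or from Hack The Box) showing the vulnerable rendering beside the hardened one, plus a small check a reviewer can run over the rendered output; the table layout, the function names, and the sample log entries are all constructed for illustration.

```python
import html
import re

# Constructed sample log entries: what an XSS-detection filter might record
# (IP address and User-Agent of the request it blocked). The second User-Agent
# carries markup, which is exactly what a log viewer must not render verbatim.
SAMPLE_LOG = [
    ("10.0.0.5", "Mozilla/5.0 (X11; Linux x86_64)"),
    ("10.0.0.9", "<script>alert(1)</script>"),
]


def render_log_vulnerable(entries):
    """Builds the admin log page by string concatenation with no output encoding.
    Any markup in the logged User-Agent becomes live HTML in the page the admin views."""
    rows = "".join(f"<tr><td>{ip}</td><td>{ua}</td></tr>" for ip, ua in entries)
    return f"<table>{rows}</table>"


def render_log_hardened(entries):
    """Same page, but every untrusted value is HTML-entity encoded for the
    element-content context it is inserted into, so it is displayed as text."""
    rows = "".join(
        f"<tr><td>{html.escape(ip, quote=True)}</td>"
        f"<td>{html.escape(ua, quote=True)}</td></tr>"
        for ip, ua in entries
    )
    return f"<table>{rows}</table>"


# Tags that can execute script or load remote content when rendered live.
ACTIVE_TAG_RE = re.compile(r"<(script|img|svg|iframe|object|embed)\b", re.IGNORECASE)


def contains_active_markup(page):
    """Cheap review check over rendered output: did any user-supplied value
    survive as a live tag rather than as encoded text?"""
    # Drop the template's own table markup so only injected tags remain.
    body = re.sub(r"</?(table|tr|td)>", "", page)
    return ACTIVE_TAG_RE.search(body) is not None


if __name__ == "__main__":
    print("vulnerable page has live markup:",
          contains_active_markup(render_log_vulnerable(SAMPLE_LOG)))
    print("hardened page has live markup:",
          contains_active_markup(render_log_hardened(SAMPLE_LOG)))
```

The lesson is that a logging feature built to record attacks is itself an output sink: whatever it stores from the request (User-Agent, Referer, IP as reported by a proxy header) must be encoded for the context it is written into, and a Content-Security-Policy on the admin page limits the blast radius if one value slips through.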
Machine Matrix