HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
CrossFit2 is an insane difficulty BSD machine running a web server and an exposed unbound instance. An arbitrary file read is exploited to read relayd configuration. This gives access to vhosts with member applications. A password reset form vulnerable to host header injection can be exploited to register users and then exfiltrate chat via Cross Site Websocket Hijacking. Lateral movement involves exploiting nodejs path preference. Finally, a custom binary vulnerable to privileged file read is used to generate an OTP and get root.
Machine Matrix