Machine Synopsis
Cybermonday is a hard-difficulty Linux machine that showcases vulnerabilities such as off-by-slash, mass assignment, and Server-Side Request Forgery (SSRF). The initial foothold involves exploiting a mass assignment vulnerability in the web application and executing Redis commands through SSRF using CRLF injection. For lateral movement, the source code of the API is analyzed, followed by exploiting a Local File Inclusion (LFI) vulnerability to retrieve the password for the user `john`. Privilege escalation to `root` is achieved by leveraging sudo privileges that allow user `john` to build and run a Docker container from any Docker Compose file.
Machine Matrix