Machine Synopsis
Encoding is a Medium difficulty Linux machine that features a web application vulnerable to Local File Read. Through the ability to read arbitrary files on the target, the attacker can first exploit a PHP LFI vulnerability in the web application to gain access to the server as the `www-data` user. They can then discover a script on the server, called `git-commit.sh`, which allows them to commit code as the James user. By inspecting the `utils.php` file, the attacker can discover that the script is run as the `svc` user with sudo privileges. Through a malicious Git hook, the attacker can grab the SSH key for the `svc` user. This user can restart services as the root user through sudo. The attacker could abuse this privilege to execute arbitrary code as root by modifying an existing service file or creating a new one.