Machine Synopsis
Flustered is a medium difficulty Linux machine which showcases two different storage solutions (GlusterFS and the Azure Storage emulator Azurite) that can be accessed at different stages in order to obtain different levels of access to the system. First, an unauthenticated mount of a GlusterFS volume allows attackers to read Squid credentials from a database, granting access to a local HTTP server where the source code of the main web application can be read, revealing an SSTI vulnerability that results in remote command execution. World-readable SSL certificates allow access to a second GlusterFS volume that is mounted as `/home`, where public keys can be planted in order to SSH in as a second user. Finally, an Azure Storage blob contains a public SSH key for the `root` user.