Flustered
Flustered
Flustered 437
Flustered
RETIRED MACHINE

Flustered

Flustered - Linux Linux
Flustered - Medium Medium

3

MACHINE RATING

268

USER OWNS

146

SYSTEM OWNS

31/01/2022

RELEASED
Created by polarbearer

Machine Synopsis

Flustered is a medium difficulty Linux machine which showcases two different storage solutions (GlusterFS and the Azure Storage emulator Azurite) that can be accessed at different stages in order to obtain different levels of access to the system. First, unauthenticated mount of a GlusterFS volume allows attackers to read Squid credentials from a database, granting access to a local HTTP server where the source code of the main web application can be read, discovering an SSTI vulnerabilty that results in remote command execution. World-readable SSL certificates allow access to a second GlusterFS volume that is mounted as `/home`, where public keys can be planted in order to SSH in as a second user. Finally, an Azure Storage blob contains a public SSH key for the `root` user.

Machine Matrix

Ready to start your
hacking journey?