Machine Synopsis
Format is a medium-difficulty Linux machine that highlights security problems caused by how a solution is structured. The foothold involves PHP source code review, uncovering and exploiting a local file read/write vulnerability and capitalising on a misconfiguration in Nginx to execute commands on a Redis Unix socket. Lateral movement includes exploring the Redis database to uncover user passwords, while privilege escalation revolves around a Python script running with root privileges, which is susceptible to code injection.