Machine Synopsis

Jupiter is a Medium difficulty Linux machine that features a Grafana instance using a PostgreSQL database that is overextended on permissions and vulnerable to SQL injection and consequently remote code execution. Once foothold is gained, it is noted that a utility named Shadow, a scientific experimentation tool that simplifies the evaluation of real networked applications is installed with misconfigured permissions on its configuration file. Lateral movement is then achieved by reviewing log files associated with Jupyter Notebooks that contain tokens for a secondary user. Once access to this user is gained, privilege escalation can be achieved by abusing a Satellite Tracking System binary that may be executed with `sudo` privileges by the secondary user.