Machine Synopsis
Laser is an insane-difficulty Linux machine that features an exposed printer. The service is queried for information, which is used to decrypt a file present in the print queue. This gives access to sensitive information that is leveraged to perform a Server-Side Request Forgery (SSRF). Through the SSRF, an outdated Apache Solr instance is exploited to gain a foothold. A race condition is then exploited, which allows for lateral movement to a container. The container is used to redirect SSH connections, finally giving root access.
Machine Matrix