Magic
Magic
Magic 241
Magic
RETIRED MACHINE

Magic

Magic - Linux Linux
Magic - Medium Medium

4.6

MACHINE RATING

10551

USER OWNS

9620

SYSTEM OWNS

18/04/2020

RELEASED
Created by TRX

Machine Synopsis

Magic is an easy difficulty Linux machine that features a custom web application. A SQL injection vulnerability in the login form is exploited, in order to bypass the login and gain access to an upload page. Weak whitelist validation allows for uploading a PHP webshell, which is used to gain command execution. The MySQL database is found to contain plaintext credentials, which are re-used for lateral movement. A path hijacking vector combined with assigned SUID permissions leads to full system compromise.

Machine Matrix

Ready to start your
hacking journey?