Machine Synopsis
Mailroom is a Hard-difficulty Linux machine featuring a custom web application and a `Gitea` code repository instance that contains public source code revealing an additional subdomain. The web application is susceptible to Cross-Site Scripting (`XSS`), executed by a user on the target, which can be further exploited with a Server-Side Request Forgery (`SSRF`) and chained with `NoSQL` injection to dump credentials. Once an initial shell is obtained, enumerating the user's mailbox reveals a 2FA link that gives access to a protected subdomain hosting another custom web application, which runs in a `Docker` container and is vulnerable to command injection. By gaining access to this container, it is possible to obtain credentials from its `Git` repository, leading to access to the host as another user. Process enumeration reveals a recurring execution of an application called `KeePass`, where the process can be examined to capture keystrokes from the user executing it. The `KeePass` database contains sensitive credentials that, when acquired, grant root access.
Machine Matrix