Machine Synopsis
Moderators is a hard Linux machine that features a blog which hosts security reports. Through an Insecure Direct Object Reference (IDOR), undisclosed reports can be found, which lead to a log page where it is possible to upload PDF files. Using basic filter bypasses it is possible to upload a PHP shell and gain access as `www-data`. A WordPress site can then be found running internally on port 8080. The site contains two plugins, `brandfolder` and `password-manager`, the former of which has a Local File Inclusion vulnerability; exploiting it leads to a shell as the `lexi` user. An encrypted SSH key, stored by the `password-manager` plugin, can be found in the WordPress database. Modifying that plugin allows the SSH key to be decrypted, yielding access to a second user called `john`. In the second user's home folder there is an encrypted Virtual Disk Image (.vdi) file. Using a `.vbox` password cracker, the password can be recovered. On the disk there is a LUKS-encrypted file system, which can also be brute-forced using a bash script. Once decrypted, the file system contains scripts, one of which holds the password of the second user. That password can be used to run any command with sudo.