Machine Synopsis
Monitors is a hard Linux machine. The initial stage involves `WordPress plugin` exploitation, leading to a `command injection` via `SQL injection` through a well-known network management web application in order to get a shell on the system. Basic enumeration of service files then reveals the user password, which gives a foothold on the system through SSH. The root stage consists of a `Java-based XML-RPC deserialization` attack against `Apache OFBiz` to gain a shell in a Docker container. From there, the `CAP_SYS_MODULE` capability can be abused to load a malicious kernel module against the host and escalate privileges to root.