Obscurity
Obscurity
Obscurity 219
Obscurity
RETIRED MACHINE

Obscurity

Obscurity - Linux Linux
Obscurity - Medium Medium

4.1

MACHINE RATING

8733

USER OWNS

8517

SYSTEM OWNS

30/11/2019

RELEASED
Created by clubby789

Machine Synopsis

Obscurity is medium difficulty Linux machine that features a custom web server. A code injection vulnerability is exploited to gain an initial foothold as `www-data`. Weak folder permissions reveal a custom cryptography algorithm, that has been used to encrypt the user's password. A known-plaintext attack reveals the encryption key, which is used to decrypt the password. This password is used to move laterally to the user `robert`, who is allowed to run a faux terminal as root. This can be used to escalate privileges to root via winning a race condition or by overwriting `sudo` arguments.

Machine Matrix

Ready to start your
hacking journey?