HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Ophiuchi is a Medium linux machine that features an Apache tomcat server hosting a Java Website. The website hosts an "Online YAML Parser" which is vulnerable to insecure java deserialization. We get remote code execution as tomcat. While enumerating we find clear text credentials for the admin user. We observe that admin user can run a program in GO language as root which loads a web assembly file which executes a script based on results. We can modify the results and get code execution as user root. <b><u>Note:</u></b> IP target address might differ.
Machine Matrix