Machine Synopsis
Player is a Hard-difficulty Linux box featuring multiple vhosts and a vulnerable SSH server. Sensitive information gained from a chat can be leveraged to find source code. This is used to gain access to an internal application vulnerable to LFI through FFmpeg, leading to credential disclosure. The vulnerable SSH server is exploited to log in to a Codiad instance, which can be used to gain a foothold. Process enumeration reveals a cron job that executes a script vulnerable to PHP deserialization. The script is exploited to write files and gain a shell as root.
Machine Matrix