HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
PlayerTwo is an insane difficulty Linux machine featuring multiple technologies and vulnerabilities. Vhost and directory enumeration yields source code for the protobuf service, that is used to query the server. This provides credentials used to login and gain access to firmware. The firmware is modified in order to execute commands on the server and gain a foothold. The server is found to be passing messages over MQTT, and contain a user's SSH key. This user is found to have access to a SUID binary that is vulnerable to multiple vectors, leading to a root shell.
Machine Matrix