Pollution
RETIRED MACHINE

OS: Linux
Difficulty: Hard

Machine rating: 4.9
User owns: 993
System owns: 933
Released: 03/12/2022
Created by Tr1s0n

Machine Synopsis

Pollution is a challenging Linux machine that chains several intricate vulnerabilities: XXE, LFI leveraged into RCE, and prototype pollution. Initially, we gain a foothold shell as user `www-data` by reading critical files through XXE and then leveraging LFI to gain RCE. Next, we discover that `php-fpm` is running as user `victor` on an internal port of the remote host, which can be leveraged to move laterally from `www-data` to `victor`. Finally, we escalate privileges to user `root` by exploiting prototype pollution on an internal Node.js service.
