Machine Synopsis
Proper is a hard difficulty Linux machine featuring a web application that loads products through an Ajax call. The call leaks a secret key, which helps in generating a token that allows SQL injection. The data obtained allows us to log in to a License portal that has a feature for changing the application's themes. This feature leaks source code and is found to be vulnerable to a race condition, through which a foothold can be gained. A service with a client-server model allows privileged writes, which can be abused to gain system access.
Machine Matrix