Schooled
Schooled
Schooled 335
Schooled
RETIRED MACHINE

Schooled

Schooled - FreeBSD FreeBSD
Schooled - Medium Medium

4.7

MACHINE RATING

4560

USER OWNS

4270

SYSTEM OWNS

03/04/2021

RELEASED
Created by TheCyberGeek

Machine Synopsis

Schooled is a medium difficulty FreeBSD machine that showcases two recently disclosed vulnerabilities affecting the Moodle platform (labeled CVE-2020-25627 and CVE-2020-14321), which have to be chained together in order to gain access as a `teacher` user, escalate privileges to a `manager` user and install a malicious plugin resulting in remote command execution. Cracking a hash obtained from the Moodle database allows SSH access to the system via password reuse. Privileges can then be escalated to `root` by installing a malicious package (which is possible due to `sudo` permissions and write access to the `/etc/hosts` file).

Machine Matrix

Ready to start your
hacking journey?