Machine Synopsis
Schooled is a medium-difficulty FreeBSD machine that showcases two recently disclosed vulnerabilities affecting the Moodle platform (CVE-2020-25627 and CVE-2020-14321). These have to be chained together in order to gain access as a `teacher` user, escalate privileges to a `manager` user, and install a malicious plugin, resulting in remote command execution. Cracking a hash obtained from the Moodle database allows SSH access to the system via password reuse. Privileges can then be escalated to `root` by installing a malicious package, which is possible due to `sudo` permissions and write access to the `/etc/hosts` file.
Machine Matrix