HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Smasher2 is an insane difficult linux machine, which requires knowledge of Python, C and kernel exploitation. A folder protected by Basic Authentication is brute-forced to gain source code for a session manager on one of the vhosts. A shared object file is used by the session manager which has a vulnerable function leading to credential leakage. Then a kernel module is found which uses a weak mmap handler and is exploited to gain a root shell.
Machine Matrix