HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Soccer is an easy difficulty Linux machine that features a foothold based on default credentials, forfeiting access to a vulnerable version of the `Tiny File Manager`, which in turn leads to a reverse shell on the target system (`CVE-2021-45010`). Enumerating the target reveals a subdomain which is vulnerable to a blind SQL injection through websockets. Leveraging the SQLi leads to dumped `SSH` credentials for the `player` user, who can run `dstat` using `doas`- an alternative to `sudo`. By creating a custom `Python` plugin for `doas`, a shell as `root` is then spawned through the `SUID` bit of the `doas` binary, leading to fully escalated privileges.
Machine Matrix