Machine Synopsis

Spectra is an easy difficulty Linux machine which features an Issue Software Tracker build on Wordpress. The server through directory listing discloses some credentials which can be used to gain access to administration dashboard. Initial foothold is possible by using a custom crafted malicious plugin. By further enumerating the system new credentials can be captured and thus lateral movement can be achieved to another user. Finally wrong permissions to configuration file permits a sudo action to manipulate the init processes in order to gain root.