Travel
Travel
Travel 252
Travel
RETIRED MACHINE

Travel

Travel - Linux Linux
Travel - Hard Hard

4.9

MACHINE RATING

1935

USER OWNS

1743

SYSTEM OWNS

16/05/2020

RELEASED
Created by xct & jkr

Machine Synopsis

Travel is a hard difficulty Linux machine that features a WordPress instance along with a development server. The server is found to host an exposed Git repository, which reveals sensitive source code. The source code is analyzed and an SSRF and unsafe deserialization vulnerability are identified. These are leveraged to gain code execution. A backup password is cracked and used to move laterally. The user is found to be an LDAP administrator and can edit user attributes. This is leveraged to modify group membership and gain root privileges.

Machine Matrix

Ready to start your
hacking journey?