HTB CDSA
Certified Defensive Security Analyst by Academy. Get started now!
Machine Synopsis
Unbalanced is a hard difficulty Linux machine featuring a rsync service that stores an encrypted backup module. Upon decryption we find Squid proxy configuration details, which allow us to access internal hosts. One of the hosts is found vulnerable to a blind XPath injection, which is leveraged to obtain a set of credentials. These credentials allows us to gain foothold on the server. A vulnerable Pi-hole Docker instance is discovered, which is exploited and allows us to obtain a password that can be reused for the root account.
Machine Matrix