Machine Synopsis
Unobtainium is a hard difficulty Linux machine which features Kubernetes exploitation and Electron application reversing. The frontend web application serves the Unobtainium chat application, built with Electron, which can be downloaded as three different packages (deb, rpm and snap). The Electron application exposes a Node.js API that is affected by prototype pollution. Exploiting the prototype pollution to gain a reverse shell gives access inside a Kubernetes pod. Understanding the Kubernetes RBAC system is critical in order to switch service accounts and create a malicious pod that mounts the root filesystem and escapes the pod.
Machine Matrix