What a great box this was!
- Since you can register your own user, the next step is to figure out how to access the web app as a different user. Finding that username is pretty simple; just pay attention to error messages.
- There are hints on the box to get you on the right path. The actual exploit is a known CVE that impacts a script that processes some data that you can control. Read the code and follow the input path.
- Another known attack to get root. Check what’s running on the box and under which user it’s running, a classic mistake. There’s even a handy exploit that does all the heavy lifting for you.
I really enjoyed each step for this box. It was a lot of fun. Mad props @kavigihan!
PM me (or hit me up on Discord: InfosecGreg#1683) if you need any hints.