Read my writeup for Shoppy machine on:
User 1: By utilizing NoSQL Injection, login authentication is bypassed. By searching for a user, the hash of
josh is found and cracked. Using these credentials, access is gained to
mattermost, the credentials for the user
jaeger are discovered and used for SSH login.
User 2: By running the command
sudo -l, it is determined that the binary
password-manager can be run as the user
deploy. By reversing the binary, the binary’s authentication password is found and it is discovered that the binary prints the credentials of the
Root: Through the use of Docker container escape, restricted environments are bypassed and an interactive system shell is spawned, providing
root access to the machine.