Appsanity
Appsanity
Appsanity 573
Appsanity
RETIRED MACHINE

Appsanity

Appsanity - Windows Windows
Appsanity - Hard Hard

4.6

MACHINE RATING

1547

USER OWNS

1328

SYSTEM OWNS

28/10/2023

RELEASED
Created by xRogue

Machine Synopsis

Appsanity is a hard-difficulty Windows machine focused on application misconfigurations both on the web and locally. The web applications showcase several vulnerabilities, including an Access Control issue during sign-up, enabling unauthorized access to a higher-privileged account. Additionally, flawed session management permits attackers to use a `JWT token` from one domain to access a subdomain. This secondary domain has a file upload vulnerability, which, coupled with Server-Side Request Forgery (SSRF), allows the uploading and execution of an `.aspx` file to establish a reverse shell. Locally, two attack vectors are present: one involves decompiling a `C#` binary to uncover a registry key holding a user password, and the other entails analyzing a `C++` binary to spot a DLL Hijacking opportunity, granting the attacker administrative code execution.

Machine Matrix

Ready to start your
hacking journey?