Bizness
Bizness
Bizness 582
Bizness
RETIRED MACHINE

Bizness

Bizness - Linux Linux
Bizness - Easy Easy

2.8

MACHINE RATING

16763

USER OWNS

13815

SYSTEM OWNS

06/01/2024

RELEASED
Created by C4rm3l0

Machine Synopsis

Bizness is an easy Linux machine showcasing an Apache OFBiz pre-authentication, remote code execution (RCE) foothold, classified as `[CVE-2023-49070](https://nvd.nist.gov/vuln/detail/CVE-2023-49070)`. The exploit is leveraged to obtain a shell on the box, where enumeration of the OFBiz configuration reveals a hashed password in the service's Derby database. Through research and little code review, the hash is transformed into a more common format that can be cracked by industry-standard tools. The obtained password is used to log into the box as the root user.

Machine Matrix

Ready to start your
hacking journey?