BountyHunter
BountyHunter
BountyHunter 359
BountyHunter
RETIRED MACHINE

BountyHunter

BountyHunter - Linux Linux
BountyHunter - Easy Easy

4.5

MACHINE RATING

17600

USER OWNS

16366

SYSTEM OWNS

24/07/2021

RELEASED
Created by ejedev

Machine Synopsis

BountyHunter is an easy Linux machine that uses XML external entity injection to read system files. Being able to read a PHP file where credentials are leaked gives the opportunity to get a foothold on system as development user. A message from John mentions a contract with Skytrain Inc and states about a script that validates tickets. Auditing the source code of the python script reveals that it uses the eval function on ticket code, which can be injected, and as the python script can be run as root with sudo by the development user it is possible to get a root shell.

Machine Matrix

Ready to start your
hacking journey?