Crafty
RETIRED MACHINE

OS: Windows
Difficulty: Easy
Machine rating: 2.3
User owns: 4502
System owns: 3606
Released: 10/02/2024
Created by TheCyberGeek & felamos

Machine Synopsis

Crafty is an easy-difficulty Windows machine featuring the exploitation of a `Minecraft` server. Enumerating the server version reveals that it is vulnerable to pre-authentication Remote Code Execution (RCE) through `Log4j Injection`. After obtaining a reverse shell on the target, enumerating the filesystem reveals a Java-based `Minecraft` plugin written by the administrator, which, when reverse engineered, reveals `rcon` credentials. Those credentials are leveraged with the `RunAs` utility to gain administrative access, compromising the system.
