CrossFitTwo
CrossFitTwo
CrossFitTwo 322
CrossFitTwo
RETIRED MACHINE

CrossFitTwo

CrossFitTwo - OpenBSD OpenBSD
CrossFitTwo - Insane Insane

4.4

MACHINE RATING

566

USER OWNS

480

SYSTEM OWNS

20/03/2021

RELEASED
Created by MinatoTW & polarbearer

Machine Synopsis

CrossFit2 is an insane difficulty BSD machine running a web server and an exposed unbound instance. An arbitrary file read is exploited to read relayd configuration. This gives access to vhosts with member applications. A password reset form vulnerable to host header injection can be exploited to register users and then exfiltrate chat via Cross Site Websocket Hijacking. Lateral movement involves exploiting nodejs path preference. Finally, a custom binary vulnerable to privileged file read is used to generate an OTP and get root.

Machine Matrix

Ready to start your
hacking journey?