Drive
Drive
Drive 570
Drive
RETIRED MACHINE

Drive

Drive - Linux Linux
Drive - Hard Hard

4.7

MACHINE RATING

2791

USER OWNS

2446

SYSTEM OWNS

14/10/2023

RELEASED
Created by Spectra199

Machine Synopsis

Drive is a hard Linux machine featuring a file-sharing service susceptible to Insecure Direct Object Reference (IDOR), through which a plaintext password is obtained, leading to SSH access to the box. Encrypted database backups are discovered, which are unlocked using a hardcoded password exposed in a Gitea repository. Hashes within the backups are cracked, leading to access to another user on the system whom has access to a root-owned binary with the SUID bit set. The program is reverse engineered, revealing the misuse of a printf function, which is used to read and subsequently bypass the canary on the stack. Finally, a sequence of ROP gadgets is used to obtain a shell on the target.

Machine Matrix

Ready to start your
hacking journey?