Ellingson
Ellingson
Ellingson 189
Ellingson
RETIRED MACHINE

Ellingson

Ellingson - Linux Linux
Ellingson - Hard Hard

4.9

MACHINE RATING

2723

USER OWNS

1927

SYSTEM OWNS

18/05/2019

RELEASED
Created by Le83nd

Machine Synopsis

Ellingson is a hard difficulty Linux box running a python flask server in debug mode, behind a nginx proxy. The debugger can be abused to execute code on the server in the context of the user running it. The user is found to be in the adm group which has access to the shadow.bak file, from which hashes can be gained and cracked, which allows for lateral movement. A SUID binary is found to be vulnerable to a buffer overflow - but as ASLR and NX are enabled - a ROP based exploitation needs to be performed to gain a root shell.

Machine Matrix

Ready to start your
hacking journey?