FluJab
FluJab
FluJab 171
FluJab
RETIRED MACHINE

FluJab

FluJab - Linux Linux
FluJab - Hard Hard

4

MACHINE RATING

576

USER OWNS

558

SYSTEM OWNS

26/01/2019

RELEASED
Created by 3mrgnc3

Machine Synopsis

FluJab is a hard difficulty Linux box with lot of components and needs a fair amount of enumeration. After gaining a list of vhosts from the certificate one is found to be useful. Cookie tampering allows an unauthorized user to gain access to SMTP configuration which can be changed in order to receive mails. A parameter is found to be Union SQL injectable result of which can be seen in the Emails. Another vhost and a set of credentials is gained from the database which leads to Ajenti management console. The console is found to be misconfigured allowing overwriting and reading files, from which SSH access can be gained. Privileges can be escalated through a screens suid which is found to be vulnerable.

Machine Matrix

Ready to start your
hacking journey?