Forge
Forge
Forge 376
Forge
RETIRED MACHINE

Forge

Forge - Linux Linux
Forge - Medium Medium

4.5

MACHINE RATING

6517

USER OWNS

6329

SYSTEM OWNS

11/09/2021

RELEASED
Created by NoobHacker9999

Machine Synopsis

Forge is a medium linux machine that features an SSRF vulnerability on the main webpage that can be exploited to access services that are available only on localhost. Specifically, an FTP server is running but it's behind a firewall that prevents any connection except from localhost. Virtual host brute forcing reveals a new admin virtual host that is also blocked from external connections. The main webpage provides the ability to upload image files from URLs, but there are no checks in place to validate if the file is a real image or not. Thus allowing an attacker to specify a URL to a machine he controls in order to redirect the traffic to the internal services running on the box. Data exfiltration from the internal admin virtual host reveals credentials that can be used to access the FTP server, exploiting the same SSRF vulnerability. Through the FTP, the SSH key for `user` can be extracted. Privilege escalation relies on a Python script that `user` is able to execute using sudo. Triggering an error on the script will cause it to execute `Pdb`, an interactive Python debugger that can interpret Python commands. Since `Pdb` is running as `root`, because the main script was executed using `sudo`, a root shell can be spawned.

Machine Matrix

Ready to start your
hacking journey?