FormulaX
FormulaX
FormulaX 592
FormulaX
RETIRED MACHINE

FormulaX

FormulaX - Linux Linux
FormulaX - Hard Hard

4.6

MACHINE RATING

2252

USER OWNS

2010

SYSTEM OWNS

09/03/2024

RELEASED
Created by 0xSmile

Machine Synopsis

FormulaX is a hard difficulty Linux machine featuring a chat application vulnerable to Cross-Site Scripting (XSS), which can be exploited to uncover a hidden subdomain. This subdomain runs simple-git version 3.14, susceptible to [CVE-2022-25912](https://www.cve.org/CVERecord?id=CVE-2022-25912), allowing access as user `www-data`. We then crack the MongoDB password hash to escalate to user `frank_dorky`. Next, we exploit an SNMP trap vulnerability in the internal LibreNMS instance to gain a shell as user `librenms`. Credentials found in files provide the password for user `kai_relay`. Finally, privilege escalation to `root` is achieved by exploiting a formula injection vulnerability in a LibreOffice Calc instance to access the root private SSH key.

Machine Matrix

Ready to start your
hacking journey?