Hancliffe
Hancliffe
Hancliffe 388
Hancliffe
RETIRED MACHINE

Hancliffe

Hancliffe - Windows Windows
Hancliffe - Hard Hard

4.5

MACHINE RATING

741

USER OWNS

461

SYSTEM OWNS

09/10/2021

RELEASED
Created by Revolt

Machine Synopsis

Hancliffe is a hard difficulty Windows machine, which mainly focuses on web attacks and binary exploitation. Foothold is obtained by exploiting a Server Side Template Injection vulnerability (`CVE-2018-16341`) after gaining access to an internal application due to an inconsistency in URI normalization between Nginx and Java, which leads to a reverse proxy bypass. A remote code execution vulnerability in Unified Remote 3 is then exploited to move laterally and discover Firefox stored credentials, which allow access to a password manager application where credentials of a development user can be retrieved. Finally, a buffer overflow vulnerability in a custom application running with `Administrator` privileges is exploited to gain a high privileged shell on the target system.

Machine Matrix

Ready to start your
hacking journey?