Health
Health
Health 491
Health
RETIRED MACHINE

Health

Health - Linux Linux
Health - Medium Medium

3.8

MACHINE RATING

2244

USER OWNS

2044

SYSTEM OWNS

20/08/2022

RELEASED
Created by irogir

Machine Synopsis

Health is a medium Linux machine that features an SSRF vulnerability on the main webpage that can be exploited to access services that are available only on localhost. More specifically, a Gogs instance is accessible only through localhost and this specific version is vulnerable to an SQL injection attack. Due to the way that an attacker can interact with the Gogs instance the best approach in this scenario is to replicate the remote environment by installing the same Gogs version on a local machine and then using automated tools to produce a valid payload. After retrieving the hashed password of the user `susanne` an attacker is able to crack the hash and reveal the plain text password of that user. The same credentials can be used to authenticate to the remote machine using SSH. Privilege escalation relies on cron jobs that are running under the user `root`. These cron jobs are related to the functionality of the main web application and process unfiltered data from a database. Thus, an attacker is able to inject a malicious task inside the database and exfiltrate the SSH key file of the user `root`, thus, allowing him to gain a root session on the remote machine.

Machine Matrix

Ready to start your
hacking journey?