Mailroom
Mailroom
Mailroom 538
Mailroom
RETIRED MACHINE

Mailroom

Mailroom - Linux Linux
Mailroom - Hard Hard

4.7

MACHINE RATING

1390

USER OWNS

1352

SYSTEM OWNS

15/04/2023

RELEASED
Created by wyzn

Machine Synopsis

Mailroom is a Hard difficulty Linux machine featuring a custom web application and a `Gitea` code repository instance that contains public source code revealing an additional subdomain. The web application is susceptible to Cross-Site Scripting (`XSS`), executed by a user on the target, which can be further exploited with a Server-Side Request Forgery (`SSRF `) and chained with `NoSQL` injection to dump credentials. Once an initial shell is obtained, enumerating the user's mailbox contains a 2FA link to gain access to a protected subdomain, which is also a custom web application running in a `Docker `container that is vulnerable to command injection. By gaining access to this container, it is possible to obtain credentials from its `Git` repository, leading to access to the host as another user. Process enumeration reveals a recurring execution of an application called `KeePass`, where the process can be examined to capture keystrokes from the user executing it. The `KeePass ` database contains sensitive credentials that, when acquired, grant root access.

Machine Matrix

Ready to start your
hacking journey?