Mentor
Mentor
Mentor 518
Mentor
RETIRED MACHINE

Mentor

Mentor - Linux Linux
Mentor - Medium Medium

3.1

MACHINE RATING

2450

USER OWNS

2290

SYSTEM OWNS

10/12/2022

RELEASED
Created by kavigihan

Machine Synopsis

Mentor is a medium difficulty Linux machine whose path includes pivoting through four different users before arriving at root. After scanning an `SNMP` service with a community string that can be brute forced, plaintext credentials are discovered which are used for an `API` endpoint, which proves to be vulnerable to blind remote code execution and leads to a foothold on a docker container. Enumerating the container's network reveals a `PostgreSQL` service on another container, which can be leveraged into RCE by authenticating using default credentials. Examining an old database backup on the `PostgreSQL` container reveals a hash, which once cracked is used to `SSH` into the machine. Finally, by examining the configuration files on the host, the attacker is able to retrieve a password for user `james`, who is able run the `/bin/sh` command with sudo privileges, thereby instantly forfeiting `root` privileges.

Machine Matrix

Ready to start your
hacking journey?