Meta
RETIRED MACHINE

OS: Linux
Difficulty: Medium

MACHINE RATING: 4.5

USER OWNS: 4754

SYSTEM OWNS: 4619

RELEASED: 22/01/2022
Created by Nauten

Machine Synopsis

Meta is a medium difficulty Linux machine that focuses on two different CVEs ([CVE-2021-22204](https://nvd.nist.gov/vuln/detail/cve-2021-22204) and [CVE-2020-29599](https://nvd.nist.gov/vuln/detail/CVE-2020-29599)) in ExifTool and ImageMagick, which can be exploited at different stages. Foothold is obtained by uploading a maliciously crafted file to a web application that reads image metadata, in order to trigger Remote Command Execution in ExifTool. Command injection in ImageMagick is then exploited to move laterally to a second user. Finally, privileges can be escalated due to an `env_keep` setting in `sudo` that allows attackers to run arbitrary commands as `root` by setting a custom configuration directory in an environment variable.
