Monitored
Monitored
Monitored 583
Monitored
RETIRED MACHINE

Monitored

Monitored - Linux Linux
Monitored - Medium Medium

4.3

MACHINE RATING

4540

USER OWNS

4239

SYSTEM OWNS

13/01/2024

RELEASED
Created by TheCyberGeek & ruycr4ft

Machine Synopsis

Monitored is a medium-difficulty Linux machine that features a Nagios instance. Credentials for the service are obtained via the SNMP protocol, which reveals a username and password combination provided as command-line parameters. Using the Nagios API, an authentication token for a disabled account is obtained, which leads to access to the application's dashboard. From there, a SQL injection (`[CVE-2023-40931](https://nvd.nist.gov/vuln/detail/CVE-2023-40931)`) is abused to obtain an administrator API key, with which a new admin account is created and used to run arbitrary commands on the instance, leading to a reverse shell. Finally, `sudo` access to a bash script is abused to read the `root` user's SSH key and authenticate as `root`.

Machine Matrix

Ready to start your
hacking journey?