OnlyForYou
RETIRED MACHINE


OS: Linux
Difficulty: Medium
Machine rating: 4.6
User owns: 3403
System owns: 2881
Released: 22/04/2023
Created by 0xM4hm0ud

Machine Synopsis

OnlyForYou is a Medium Difficulty Linux machine that features a web application vulnerable to Local File Inclusion (LFI). The LFI is used to read source code that reveals a Blind Command Injection vulnerability, leading to a shell on the target system. The machine runs several local services, one of which uses default credentials and exposes an endpoint vulnerable to `Cypher` injection. Exploiting this vulnerability leaks hashes from the `Neo4j` database, granting `SSH` access to the machine. Finally, a misconfigured `sudoers` file allows the `pip3 download` command to be run with `root` privileges. Privilege escalation is achieved by creating a malicious `Python` package, hosting it on the local `Gogs` service, and downloading it.
