RETIRED MACHINE

Passage

OS: Linux
Difficulty: Medium
Machine rating: 4.5
User owns: 10914
System owns: 10070
Released: 05/09/2020
Created by ChefByzen

Machine Synopsis

Passage is a medium difficulty Linux machine that hosts a CuteNews web application. The application suffers from a remote command execution vulnerability, which is leveraged to gain a foothold. A CuteNews password hash for the application user `paul` is discovered and cracked. Owing to password reuse, we can use this password to move laterally to the `paul` system user. A private SSH key is found to be shared between the system users, which allows us to move laterally to `nadav`. This user is found to be a member of the `sudo` group. Enumeration of the vim command line history reveals that the `com.ubuntu.USBCreator.conf` policy has been edited to allow users of the `sudo` group to invoke methods of the `usb-creator` service. The USBCreator D-Bus service is found to suffer from a vulnerability that allows the password security policy imposed by the `sudo` binary to be bypassed. This is leveraged to read privileged files as root.
