Perfection
Perfection
Perfection 590
Perfection
RETIRED MACHINE

Perfection

Perfection - Linux Linux
Perfection - Easy Easy

4.1

MACHINE RATING

11750

USER OWNS

10880

SYSTEM OWNS

02/03/2024

RELEASED
Created by TheRedeemed1

Machine Synopsis

Perfection is an easy Linux machine that features a web application with functionality to calculate student scores. This application is vulnerable to Server-Side Template Injection (SSTI) via regex filter bypass. A foothold can be gained by exploiting the SSTI vulnerability. Enumerating the user reveals they are part of the `sudo` group. Further enumeration uncovers a database with password hashes, and the user's mail reveals a possible password format. Using a mask attack on the hash, the user's password is obtained, which is leveraged to gain `root` access.

Machine Matrix

Ready to start your
hacking journey?