Pit
Pit
Pit 346
Pit
RETIRED MACHINE

Pit

Pit - Linux Linux
Pit - Medium Medium

3.1

MACHINE RATING

4264

USER OWNS

3605

SYSTEM OWNS

15/05/2021

RELEASED
Created by polarbearer & GibParadox

Machine Synopsis

Pit is a medium difficulty Linux machine that focuses on SNMP enumeration and exploitation, while introducing basic SELinux restrictions and web misconfigurations. By enumerating SNMP via the default insecure `public` community, information about filesystems and users can be obtained. This allows attackers to discover and gain access to a vulnerable SeedDMS instance, which was incorrectly patched by applying Apache `.htaccess` rules to an Nginx server where they are not effective. Exploiting [CVE-2019-12744](https://nvd.nist.gov/vuln/detail/CVE-2019-12744) results in Remote Command Execution (with some SELinux restrictions) and subsequent access to a Cockpit console via password reuse. Privileges are escalated by writing a Bash script that is executed as an SNMP extension when the corresponding OID is queried.

Machine Matrix

Ready to start your
hacking journey?