Ransom
Ransom
Ransom 457
Ransom
RETIRED MACHINE

Ransom

Ransom - Linux Linux
Ransom - Medium Medium

4.5

MACHINE RATING

1400

USER OWNS

1048

SYSTEM OWNS

15/03/2022

RELEASED
Created by ippsec

Machine Synopsis

Ransom is a medium-difficulty Linux machine that starts with a password-protected web application, hosting some files. An attacker is able to bypass the authentication process by modifying the request type and type juggling the arguments. Once access to the files is obtained, a Zip archive of a home directory is downloaded. The archive is encrypted using a legacy method that is vulnerable to a known-plaintext attack. Upon decrypting the archive, the attacker can access the box via SSH, using the uncovered private key. Enumerating the remote machine, the hardcoded password that was required by the webpage is found and reused to authenticate as the root user.

Machine Matrix

Ready to start your
hacking journey?