Soccer
Soccer
Soccer 519
Soccer
RETIRED MACHINE

Soccer

Soccer - Linux Linux
Soccer - Easy Easy

4.5

MACHINE RATING

15100

USER OWNS

13970

SYSTEM OWNS

17/12/2022

RELEASED
Created by sau123

Machine Synopsis

Soccer is an easy difficulty Linux machine that features a foothold based on default credentials, forfeiting access to a vulnerable version of the `Tiny File Manager`, which in turn leads to a reverse shell on the target system (`CVE-2021-45010`). Enumerating the target reveals a subdomain which is vulnerable to a blind SQL injection through websockets. Leveraging the SQLi leads to dumped `SSH` credentials for the `player` user, who can run `dstat` using `doas`- an alternative to `sudo`. By creating a custom `Python` plugin for `doas`, a shell as `root` is then spawned through the `SUID` bit of the `doas` binary, leading to fully escalated privileges.

Machine Matrix

Ready to start your
hacking journey?