Tenet
Tenet
Tenet 309
Tenet
RETIRED MACHINE

Tenet

Tenet - Linux Linux
Tenet - Medium Medium

4.6

MACHINE RATING

7354

USER OWNS

6507

SYSTEM OWNS

16/01/2021

RELEASED
Created by egotisticalSW

Machine Synopsis

Tenet is a Medium difficulty machine that features an Apache web server. It contains a Wordpress blog with a few posts. One of the comments on the blog mentions the presence of a PHP file along with it's backup. It is possible after identificaiton of the backup file to review it's source code. The code in PHP file is vulnerable to an insecure deserialisation vulnerability and by successful exploiting it a foothold on the system is achieved. While enumerating the system it was found that the Wordpress configuration file can be read and thus gaining access to a set of credentials. By using them we can move laterally from user `www-data` to user `Neil`. Further system enumeration reveals that this user have root permissions to run a bash script through `sudo`. The script is writing SSH public keys to the `authorized_keys` file of the `root` user and is vulnerable to a race condition. After successful exploitation, attackers can write their own SSH keys to the `authorized_keys` file and use them to login to the system as `root`.

Machine Matrix

Ready to start your
hacking journey?