Union
RETIRED MACHINE

OS: Linux
Difficulty: Medium
Machine rating: 5
User owns: 1159
System owns: 1037
Released: 22/11/2021
Created by ippsec

Machine Synopsis

Union is a medium-difficulty Linux machine featuring a web application that is vulnerable to SQL injection. Filters are in place that prevent SQLMap from dumping the database, so users are intended to manually craft UNION statements to extract information from the database and the website source code. The database contains a flag that can be used to authenticate against the machine; upon authentication, the webserver runs an iptables command to enable port 22. The credentials for SSH are in the PHP configuration file used to authenticate against MySQL. Once on the machine, users can examine the source code of the web application and find that, by setting the X-FORWARDED-FOR header, they can perform command injection on the system command the webserver uses to whitelist IP addresses.
