Machine Synopsis
Appsanity is a hard-difficulty Windows machine focused on application misconfigurations, both on the web and locally. The web applications showcase several vulnerabilities, including an access control issue during sign-up that enables unauthorized access to a higher-privileged account. Additionally, flawed session management permits attackers to use a JWT from one domain to access a subdomain. This secondary domain has a file upload vulnerability which, coupled with Server-Side Request Forgery (SSRF), allows the uploading and execution of an `.aspx` file to establish a reverse shell. Locally, two attack vectors are present: one involves decompiling a C# binary to uncover a registry key holding a user password, and the other entails analyzing a C++ binary to spot a DLL hijacking opportunity, granting the attacker administrative code execution.