Machine Synopsis
Cache is a medium-difficulty Linux machine. Enumeration of the website reveals a second website hosted on the same server under a different vhost. This second site is an OpenEMR instance that suffers from a SQL injection vulnerability. Exploiting this vulnerability lets the attacker retrieve the hashed password for the user `openemr_admin`, which can be cracked offline to recover the plaintext password. Because the OpenEMR instance is outdated, these credentials can then be used to exploit an authenticated Remote Command Execution vulnerability and obtain a reverse shell as `www-data`. Inspection of the initial website reveals a JavaScript file containing credentials for the user `ash`, who is found to be a system user. Enumeration of the Memcached caching system also reveals the password for the user `luffy`, who is a member of the docker group. This membership allows `luffy` to run any command as root from within a Docker container.
Machine Matrix