Cybermonday
Cybermonday
Cybermonday 557
Cybermonday
RETIRED MACHINE

Cybermonday

Cybermonday - Linux Linux
Cybermonday - Hard Hard

3.1

MACHINE RATING

731

USER OWNS

663

SYSTEM OWNS

19/08/2023

RELEASED
Created by Tr1s0n

Machine Synopsis

Cybermonday is a hard difficulty Linux machine that showcases vulnerabilities such as off-by-slash, mass assignment, and Server-Side Request Forgery (SSRF). The initial foothold involves exploiting a mass assignment vulnerability in the web application and executing Redis commands through SSRF using CRLF injection. For lateral movement, the source code of the API is analyzed, followed by exploiting an LFI vulnerability to retrieve the password for the user `john`. The privilege escalation to `root` is achieved by leveraging SUDO privileges, allowing user `john` to build and run a docker container from any Docker Compose file.

Machine Matrix

Ready to start your
hacking journey?