Machine Synopsis
Developer is a hard machine that demonstrates the severity of the tabnabbing vulnerability in web applications. When attackers control the input of an input field with `target="_blank"`, they can have a new tab open on their malicious page and, if this is combined with an XSS injection, redirect the previous tab to an attacker-controlled location. The attack fools site users and administrators into entering their credentials into a phishing template of the original site's login. Subdomain enumeration via the Django administration panel leads to abusing debug mode in the Sentry monitoring application, which reveals a secret key that can then be used to perform Django deserialization attacks through cookie deserialization. Privilege escalation involves reversing a Rust application that contains a hardcoded nonce, key and ciphertext, which users can retrieve and decode with the AES-CTR algorithm to obtain the application's password and gain a system shell on the target.
Machine Matrix