Developer
Developer
Developer 372
Developer
RETIRED MACHINE

Developer

Developer - Linux Linux
Developer - Hard Hard

4.7

MACHINE RATING

737

USER OWNS

655

SYSTEM OWNS

21/08/2021

RELEASED
Created by TheCyberGeek

Machine Synopsis

Developer is a hard machine that outlines the severity of tabnabbing vulnerability in web applications where attackers can control the input of an input field with `target="_blank"` allowing attackers to open a new tab to access their malicious page and redirect the previous tab to an attacker controlled location if mixed with an XSS injection. This attack leads to fooling site users and administrators into entering their credentials into a phishing template of the original site's login. Subdomain enumeration via the administration panel in Django leads to abusing the debug mode in Sentry's monitoring application which reveals a secret key which can then be used to perform django de-serialization attacks through cookie deserialization. Privelege escalation involves reversing a Rust application which contains a hardcoded nonce, key and ciphertext which users can retieve and decoded through AES-CTR algorithm to gain the application's password to gain a system shell on the target.

Machine Matrix

Ready to start your
hacking journey?