Faculty
Faculty
Faculty 480
Faculty
RETIRED MACHINE

Faculty

Faculty - Linux Linux
Faculty - Medium Medium

4.5

MACHINE RATING

3262

USER OWNS

3056

SYSTEM OWNS

02/07/2022

RELEASED
Created by gbyolo

Machine Synopsis

Faculty is a medium Linux machine that features a PHP web application that uses a library which is vulnerable to local file inclusion. Exploiting the LFi in this library reveals a password which can be used to log in as a low-level user called `gbyolo` over SSH. The user `gbyolo` has permission to run an `npm` package called `meta-git` as the `developer` user. The version of the `meta-git` installed on this box is vulnerable to code injection, whi ch can be exploited to escalate the privileges to the user `developer`. The privilege escalation to `root` can be performed by exploiting the `CAP_SYS_PTRACE` capability to inject shellcode into a process running as `root`.

Machine Matrix

Ready to start your
hacking journey?