Machine Synopsis

Forgot is a Medium Difficulty Linux machine that features an often neglected part of web exploitation, namely Web Cache Deception (`WCD`). The box's foothold consists of a Host Header Injection, enabling an initial bypass of authentication, which is then coupled with careful enumeration of the underlying services and behaviors to leverage WCD into leaking SSH credentials on an admin panel. Moreover, the machine then pivots into the territory of Code Injection, where after careful enumeration of a `Python` script, `CVE-2022-29216` is discovered, leading to privilege escalation using a vulnerable `Tensorflow` function.