Machine Synopsis

Hancliffe is a hard difficulty Windows machine, which mainly focuses on web attacks and binary exploitation. Foothold is obtained by exploiting a Server Side Template Injection vulnerability (`CVE-2018-16341`) after gaining access to an internal application due to an inconsistency in URI normalization between Nginx and Java, which leads to a reverse proxy bypass. A remote code execution vulnerability in Unified Remote 3 is then exploited to move laterally and discover Firefox stored credentials, which allow access to a password manager application where credentials of a development user can be retrieved. Finally, a buffer overflow vulnerability in a custom application running with `Administrator` privileges is exploited to gain a high privileged shell on the target system.