Machine Synopsis

Intense is a hard difficulty Linux machine that features an open-source Flask application. Source code review reveals a SQL injection vulnerability, which is used to gain the administrator's password hash. This hash is used to perform a hash length extension attack in order to login as the administrator. A path traversal vulnerability is used to read SNMP configuration leading to command execution on the server. Finally, a custom note server is exploited to perform a ROP and gain a root shell.