Machine Synopsis

Obscurity is medium difficulty Linux machine that features a custom web server. A code injection vulnerability is exploited to gain an initial foothold as `www-data`. Weak folder permissions reveal a custom cryptography algorithm, that has been used to encrypt the user's password. A known-plaintext attack reveals the encryption key, which is used to decrypt the password. This password is used to move laterally to the user `robert`, who is allowed to run a faux terminal as root. This can be used to escalate privileges to root via winning a race condition or by overwriting `sudo` arguments.