Machine Synopsis
OnlyForYou is a Medium Difficulty Linux machine that features a web application susceptible to a Local File Inclusion (LFI) vulnerability. The LFI is used to access source code that reveals a Blind Command Injection vulnerability, leading to a shell on the target system. The machine runs several local services, one of which uses default credentials and exposes an endpoint vulnerable to `Cypher` injection. Exploiting this vulnerability leaks hashes from the `Neo4j` database, granting `SSH` access to the machine. Finally, a misconfigured `sudoers` file allows the `pip3 download` command to be run with `root` privileges. Privilege escalation is achieved by creating a malicious `Python` package, hosting it on the local `Gogs` service, and downloading it.
Machine Matrix