Machine Synopsis
OpenKeyS is a medium-difficulty OpenBSD machine that features a web server on port 80. Enumerating the server with `GoBuster` reveals a `Vim` swap file. The swap file contains the code that the website uses for authentication and was last edited by a user called `Jennifer`. Analysis of the code reveals the file `check_auth`, which uses the OpenBSD authentication framework and allows web users to log in using server credentials. This version of the authentication framework is found to be insecure, and successful exploitation bypasses the login page. Due to insecure PHP coding, it is possible to set the username to `Jennifer` through cookies and acquire SSH credentials. Enumeration of the server confirms that the OS version in use is `6.6`, which is vulnerable to a privilege escalation exploit. Attackers can leverage the file `/usr/X11R6/bin/xlock` to become a member of the `auth` group, after which they can use the `S/Key` authentication option to add an entry for the `root` user and escalate their privileges.
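The swap-file exposure described above can be audited on your own web root. This added example (not part of the original write-up) walks a document root, recognises Vim swap files by their block 0 header rather than by extension, and reports the user, host and file path each one discloses. The offsets follow Vim's `block0` header layout; the sample file name, host name and path are constructed.

```python
import os
import tempfile

# Offsets of the NUL-padded fields in block 0 of a Vim swap file
# (struct block0 in Vim's memline.c): user name, host name, edited file.
USER, HOST, FNAME = slice(28, 68), slice(68, 108), slice(108, 1008)

def _cstr(raw):
    """Decode a NUL-padded header field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_swap_header(data):
    """Return the metadata a swap file discloses, or None if it is not one."""
    if len(data) < 1008 or data[:2] != b"b0" or not data[2:12].startswith(b"VIM "):
        return None
    return {
        "version": _cstr(data[2:12]),
        "user": _cstr(data[USER]),
        "host": _cstr(data[HOST]),
        "edited_file": _cstr(data[FNAME]),
    }

def audit_webroot(root):
    """Walk a document root and list every Vim swap file with its metadata."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    meta = parse_swap_header(fh.read(1008))
            except OSError:
                continue  # unreadable file: skip it, keep auditing
            if meta:
                findings.append((os.path.relpath(path, root), meta))
    return findings

def make_sample_swap(user, host, fname):
    """Build a constructed block 0 header for the demo (not a real capture)."""
    head = b"b0" + b"VIM 8.1".ljust(10, b"\0") + b"\0" * 16  # numeric fields zeroed
    return head + user.ljust(40, b"\0") + host.ljust(40, b"\0") + fname.ljust(900, b"\0")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".auth.php.swp"), "wb") as fh:
            fh.write(make_sample_swap(b"jennifer", b"web01.example", b"/srv/www/auth.php"))
        for rel, meta in audit_webroot(root):
            print(rel, meta)
```

Any hit in a served directory should be deleted and the web server configured to refuse dotfiles and editor backup files.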