OpenKeyS
OpenKeyS
OpenKeyS 267
OpenKeyS
RETIRED MACHINE

OpenKeyS

OpenKeyS - OpenBSD OpenBSD
OpenKeyS - Medium Medium

3.8

MACHINE RATING

5445

USER OWNS

5250

SYSTEM OWNS

25/07/2020

RELEASED
Created by polarbearer & GibParadox

Machine Synopsis

OpenKeyS is a medium difficulty OpenBSD machine that features a web server on port 80. Enumeration of the server using `GoBuster` reveals a `Vim` swap file. This contains the code that the website uses for authentication, and was last edited by a user called `Jennifer`. Analysis of the code reveals the file `check_auth` which uses the OpenBSD authentication framework, and allows web users to login using server credentials. This version of the authentication framework is found to be insecure, and after successful exploitation the login page is bypassed. Due to insecure PHP coding, it is possible to set the username to `Jennifer` through the usage of cookies, and acquire SSH credentials. Enumeration of the server confirms the OS version in use to be `6.6` which is vulnerable to a privilege escalation exploit. Attackers can leverage the file `/usr/X11R6/bin/xlock` to become a member of the `auth` group, after which they can leverage the `S/Key` authentication option to add an entry for the `root` user and escalate their privileges.

Machine Matrix

Ready to start your
hacking journey?