Machine Synopsis

Ouija is an Insane difficulty Linux machine, featuring a small number of vulnerabilities but with lengthy and complicated steps needed to exploit them. Initially, a web application that is protected behind `HAProxy` is encountered, where exploiting `[CVE-2021-40346](https://nvd.nist.gov/vuln/detail/CVE-2021-40346)` leads to access to a protected subdomain. Through this subdomain, the source code of the API hosted on port `3000` and its initialisation script are found, leading to the discovery of a hash length extension attack which when exploited, grants access to a file-reading endpoint of the API, through which SSH private keys can be retrieved. After gaining access to the local system, an internal `PHP` web application will be discovered, which uses a C-shared-object function vulnerable to an integer overflow. Exploiting it leads to root access to the system.