Sandworm
RETIRED MACHINE

OS: Linux
Difficulty: Medium
Machine rating: 4.6
User owns: 4592
System owns: 3720
Released: 17/06/2023
Created by C4rm3l0

Machine Synopsis

Sandworm is a Medium difficulty Linux machine that hosts a web application featuring a `PGP` verification service. The service is vulnerable to Server-Side Template Injection (`SSTI`), leading to Remote Code Execution (`RCE`) inside a `Firejail` jail. Plaintext credentials can be discovered within the jail, which lead to `SSH` access to the machine as one of its users. From there, a cron job is discovered that compiles and runs a `Rust` binary. The program relies on a custom, external logging crate to which the user has write access; that write access is then used to obtain a shell as the `atlas` user, who runs the cron job. Finally, a recent `Firejail` exploit (`CVE-2022-31214`) is used to create a sandbox where the attacker can run the `su` command and obtain a `root` shell on the target system.
