Machine Synopsis

Scavenger is a hard difficulty Linux machine running various services such as DNS, SMTP, Whois etc. The whois service is found to be vulnerable to SQL injection, exploitation of which reveals vhosts. The vhosts are enumerated to find a hidden PHP backdoor, which is used to execute code on the server. A forward shell is used to gain access to FTP credentials, resulting in access to a compromised user account. The user's home profile contains a hidden rootkit, which is decompiled. The information gained from this is used to elevate to a root shell.