Stacked
Stacked
Stacked 379
Stacked
RETIRED MACHINE

Stacked

Stacked - Linux Linux
Stacked - Insane Insane

4.1

MACHINE RATING

477

USER OWNS

402

SYSTEM OWNS

18/09/2021

RELEASED
Created by TheCyberGeek

Machine Synopsis

Stacked is an insane difficulty Linux machine that focuses on LocalStack / AWS exploitation. Initial access is obtained by exploiting a Cross-Site Scripting vulnerability in a web form, redirecting the client to an internal mail system where details about a LocalStack implementation are disclosed. An interactive shell on the LocalStack container is gained by exploiting [CVE-2021-32090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32090). After escalating privileges in the container via a command injection vulnerability in the `docker create` command that is automatically triggered whenever a lambda function is executed, a new container with a mapping to the host file system can be created, resulting in `root` access to the host.

Machine Matrix

Ready to start your
hacking journey?