Machine Synopsis

Unattended is a medium difficulty Linux box which needs a good knowledge of SQL and its programming flaws. A path traversal on the web server can be exploited to get the source code of the PHP pages. A SQL injection flaw is found, which can be exploited using nested unions to gain LFI. The LFI can then be leveraged to RCE via log files or sessions file. Database access allows the www user to change the configuration and inject commands into a cronjob running as a user. The user is a member of the grub group, which has access to the kernel image through which the root password can be obtained.