Unattended
Unattended
Unattended 184
Unattended
RETIRED MACHINE

Unattended

Unattended - Linux Linux
Unattended - Medium Medium

3.7

MACHINE RATING

791

USER OWNS

742

SYSTEM OWNS

13/04/2019

RELEASED
Created by guly

Machine Synopsis

Unattended is a medium difficulty Linux box which needs a good knowledge of SQL and its programming flaws. A path traversal on the web server can be exploited to get the source code of the PHP pages. A SQL injection flaw is found, which can be exploited using nested unions to gain LFI. The LFI can then be leveraged to RCE via log files or sessions file. Database access allows the www user to change the configuration and inject commands into a cronjob running as a user. The user is a member of the grub group, which has access to the kernel image through which the root password can be obtained.

Machine Matrix

Ready to start your
hacking journey?