Seal
Seal
Seal 358
Seal
RETIRED MACHINE

Seal

Seal - Linux Linux
Seal - Medium Medium

4.8

MACHINE RATING

5466

USER OWNS

5437

SYSTEM OWNS

10/07/2021

RELEASED
Created by MrR3boot

Machine Synopsis

Seal is a medium difficulty Linux machine that features an admin dashboard protected by mutual authentication. Enumeration of git logs from Gitbucket reveals tomcat manager credentials. Exploitation of Nginx path normalization leads to mutual authentication bypass which allows tomcat manager access. Foothold is obtained by deploying a shell on tomcat manager. An ansible playbook found to be running at intervals and vulnerable to arbitrary file read thus allows us moving laterally. Root shell is gained by exploiting a sudo entry.

Machine Matrix

Ready to start your
hacking journey?