Build
Linux
Medium
5
MACHINE RATING32
USER OWNS24
SYSTEM OWNS05/08/2025
RELEASEDMachine Synopsis
Build is an easy-rated Linux machine which involves reading sensitive files from unauthenticated rsync shares, leading to exposing the encrypted Jenkins password. The attacker manages to decrypt the password, which allows them to access GitLab. The repository owned by the admin on GitLab has a webhook configured, allowing attackers to gain arbitrary code execution and get a shell in the Docker container. The Docker container has access to MySQL and PowerDNS, which run on another container on the same Docker network. The container also has a mounted file called `.rhosts`, which is also mounted in the host machine's root directory. MySQL is misconfigured not to have the root's password, allowing an attacker to gain complete control over the database. The attacker can now either crack the admin's hash or directly modify the `intern`/`admin` DNS record pointing towards the attacking machine, assuming the same `.rhosts` file is mounted on the host machine too, allowing them to get a root session over Remote Shell Protocol (RSH).
Machine Matrix
