Machine Synopsis
Build is an easy-rated Linux machine that involves reading sensitive files from unauthenticated rsync shares, which exposes an encrypted Jenkins password. The attacker decrypts the password, which allows them to access GitLab. The repository owned by the admin on GitLab has a webhook configured, allowing attackers to gain arbitrary code execution and a shell in the Docker container. The Docker container has access to MySQL and PowerDNS, both of which run in another container on the same Docker network. The container also has a mounted file called `.rhosts`, which is also mounted in the host machine's root directory. MySQL is misconfigured with no password set for the root account, allowing an attacker to gain complete control over the database. The attacker can then either crack the admin's hash or directly modify the `intern`/`admin` DNS record to point to the attacking machine. Assuming the same `.rhosts` file is mounted on the host machine too, this allows them to get a root session over the Remote Shell Protocol (RSH).
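The final step works because `.rhosts` trust is keyed on host names, so whoever controls the DNS records controls who is trusted. The following audit sketch is an added example, not part of the original write-up; the sample entries, host names and severity labels are constructed for illustration.

```python
import ipaddress

# Constructed sample .rhosts content (illustrative, not taken from the machine).
SAMPLE_RHOSTS = """\
# trusted build hosts
admin.example.internal +
intern.example.internal +
10.0.0.5 root
+ +
-badhost.example.internal
"""

def classify_host(host):
    """Return (severity, reason) for the host field of one .rhosts entry."""
    if host == "+":
        return "critical", "wildcard: any remote host is trusted"
    if host.startswith("+@"):
        return "high", "netgroup trust: membership is resolved outside this file"
    if host.startswith("-"):
        return "info", "explicit deny entry"
    try:
        ipaddress.ip_address(host)
        return "medium", "IP-based trust: source address is the only credential"
    except ValueError:
        return "high", "hostname trust: depends on DNS records staying intact"

def audit_rhosts(text):
    """Parse .rhosts text and return one finding dict per non-comment entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        # No user field means the remote user name must match the local one.
        user = fields[1] if len(fields) > 1 else None
        severity, reason = classify_host(host)
        findings.append({"line": lineno, "host": host, "user": user,
                         "any_user": user == "+",
                         "severity": severity, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_rhosts(SAMPLE_RHOSTS):
        who = "any user" if f["any_user"] else (f["user"] or "same-name user")
        print(f'{f["severity"]:8} line {f["line"]}: {f["host"]} ({who}) - {f["reason"]}')
```

Entries flagged as hostname trust are the ones that a writable DNS backend, such as the PowerDNS database described above, can redirect.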
Machine Matrix