Checker
RETIRED MACHINE

OS: Linux
Difficulty: Hard

Machine rating: 4.2
User owns: 1843
System owns: 1661
Released: 22/02/2025
Created by 0xyassine

Machine Synopsis

Checker is a hard-level Linux machine running Teampass and Bookstack on separate ports. The Teampass version has a SQL injection vulnerability, [CVE-2023-1545](https://nvd.nist.gov/vuln/detail/CVE-2023-1545), that can be exploited to obtain user password hashes. Cracking these hashes yields the password for the Teampass user `bob`. Logging into Teampass reveals credentials for both the Bookstack user `bob` and the SSH user `reader`. Attempting to log in over SSH as `reader` shows that two-factor authentication is enabled. Meanwhile, the Bookstack version is vulnerable to [CVE-2023-6199](https://nvd.nist.gov/vuln/detail/CVE-2023-6199), a local file read flaw via blind SSRF, which can be exploited to retrieve the 2FA secret key for the `reader` user's SSH account, enabling a successful SSH login. For privilege escalation to root, we reverse engineer a binary and discover a command injection vulnerability, which we then exploit using a custom script.
