Machine Synopsis
Down is an easy-rated Linux machine that involves exploiting an arbitrary file read by bypassing a protocol-based filter to discover the source code of the running PHP web app, eventually, a remote code execution to gain an initial foothold. The attacker finds a readable `pswm` encrypted file in the user's home directory. The `pwsm` uses Python's `cryptocode` module and a master password to encrypt and decrypt the data. The attacker is supposed to write a small script to decrypt the blob and compromise the user. The compromised user is a member of the `sudo` group, allowing the user to escalate and obtain root access.
Machine Matrix