Machine Synopsis

`Era` is a medium difficulty Linux machine that features an insecure `PHP` web application alongside a weakly protected system service. First, web enumeration reveals insecure file handling and authentication logic, which can be leveraged to obtain an administrator session. Further inspection of the application's source code reveals a vulnerable file-preview mechanism that enables remote code execution through `PHP` stream wrappers. Finally, upon gaining remote access, a root-executed scheduled task reveals a monitoring binary with an easily bypassed `ELF` signature check that can be overwritten to achieve full system compromise.