Machine Synopsis

HackNet is a medium difficulty Linux machine that features a hacker-themed social networking site built with Django. By registering an account and enumerating site functionality, we can identify a Server-Side Template Injection (SSTI) flaw in the likes widget and abuse it to enumerate template context variables. Using a small script to automate payload testing, we leak sensitive user data (emails and passwords) from the users who liked a post, allowing us to obtain valid SSH credentials and gain an initial foothold. For privilege escalation, the box highlights a weakness in Django’s FileBasedCache mechanism that allows cache poisoning via Pickle deserialization, then pivots to GPG key/passphrase recovery to decrypt database backups and ultimately obtain root access.