Headless
RETIRED MACHINE

OS: Linux
Difficulty: Easy
Machine rating: 4.6
User owns: 14689
System owns: 14063
Released: 23/03/2024
Created by dvir1

Machine Synopsis

Headless is an easy-difficulty Linux machine that features a `Python Werkzeug` server hosting a website. The website has a customer support form, which is found to be vulnerable to blind Cross-Site Scripting (XSS) via the `User-Agent` header. This vulnerability is leveraged to steal an admin cookie, which is then used to access the administrator dashboard. The page is vulnerable to command injection, leading to a reverse shell on the box. Enumerating the user’s mail reveals a script that does not use absolute paths, which is leveraged to get a shell as root.
