Retired
Retired
Retired 456
Retired
RETIRED MACHINE

Retired

Retired - Linux Linux
Retired - Medium Medium

4.7

MACHINE RATING

1143

USER OWNS

1078

SYSTEM OWNS

02/04/2022

RELEASED
Created by uco2KFh

Machine Synopsis

Retired is a medium difficulty Linux machine that focuses on simple web attacks, stack-based binary exploitation and insecure kernel features. Initial foothold is gained by exploiting a path traversal vulnerability in a web application, which leads to the discovery of an internal service that is handling uploaded data. The corresponding binary file, its dependencies and memory map can be downloaded via the same path traversal vector, and analysed to identify a buffer overflow vulnerability and obtain the necessary memory addresses and ROP gadgets to develop a working exploit, resulting in an interactive shell on the system. Lateral movement to a second low-privileged user is possible by performing a symlink attack on a scheduled backup script, gaining access to the user's home directory and their private SSH key file. Finally, a helper program that allows the user to write data to `/proc/sys/fs/binfmt_misc/register` is found, allowing for privilege escalation by leveraging the `credentials` flag when registering a custom handler for `root`-owned setuid files.

Machine Matrix

Ready to start your
hacking journey?