Shoppy
Shoppy
Shoppy 496
Shoppy
RETIRED MACHINE

Shoppy

Shoppy - Linux Linux
Shoppy - Easy Easy

4

MACHINE RATING

12360

USER OWNS

11870

SYSTEM OWNS

17/09/2022

RELEASED
Created by lockscan

Machine Synopsis

Shoppy is an easy Linux machine that features a website with a login panel and a user search functionality, which is vulnerable to NoSQL injection. It can be exploited to obtain the password hashes of all the users. Upon cracking the password hash for one of the users we can authenticate into the Mattermost chat running on the server where we obtain the SSH credentials for user `jaeger`. The lateral movement to user `deploy` is performed by reverse engineering a password manager binary, which reveals the password for the user. We discover that the user `deploy` is a member of the group `docker`. Its privileges can be exploited to read the root flag.

Machine Matrix

Ready to start your
hacking journey?