Machine Synopsis
Store is a Hard-difficulty box hosting a Node.js web application that allows file uploads and storage. The app is vulnerable to Arbitrary File Read, which lets us read configuration files and recover SFTP credentials. We can also dump the host’s environment variables and discover that the app was started with `--inspect`, with the Node inspector listening on port `9229`. By abusing SFTP for port forwarding, we can tunnel that internal inspector port to our machine, attach to it, and run JavaScript to spawn a reverse shell as user `dev`. For privilege escalation, the ChromeDriver service on port `9515` can be abused via its WebDriver API to execute a malicious script and gain a root shell.
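A defender-side check for the inspector exposure described above, as an added example that is not part of the original write-up: it reports Node.js processes whose command line or `NODE_OPTIONS` enables the inspector. The process records are constructed sample data and the function names are hypothetical; on a Linux host the same fields can be read from `/proc/<pid>/cmdline` and `/proc/<pid>/environ`.

```javascript
'use strict';
// Added example: find Node.js processes running with the inspector enabled.
// Node's documented default for --inspect is 127.0.0.1:9229.
const FLAG = /^--inspect(?:-brk)?(?:=(.*))?$/;
const LOOPBACK = ['127.0.0.1', 'localhost', '::1'];

// Parse the optional "[host:]port" value of --inspect / --inspect-brk.
function parseTarget(value) {
  let host = '127.0.0.1', port = 9229;
  if (value) {
    const m = /^(?:(.+):)?(\d+)$/.exec(value);
    if (m) { host = m[1] || host; port = Number(m[2]); }
    else host = value; // host only, e.g. --inspect=0.0.0.0
  }
  return { host: host.replace(/^\[|\]$/g, ''), port };
}

// Return the inspector endpoint of one process record, or null.
// Every argv entry is scanned, so an application argument that happens to be
// named --inspect is over-reported rather than missed.
function inspectorOf(proc) {
  const envArgs = (proc.env.NODE_OPTIONS || '').split(/\s+/).filter(Boolean);
  for (const arg of [...proc.argv.slice(1), ...envArgs]) {
    const m = FLAG.exec(arg);
    if (!m) continue;
    const target = parseTarget(m[1]);
    return { pid: proc.pid, ...target, loopback: LOOPBACK.includes(target.host) };
  }
  return null;
}

// A loopback bind is still reported: an account that may forward ports over
// SSH/SFTP can reach it, which is the path the synopsis describes.
function audit(procs) {
  return procs.map(inspectorOf).filter(Boolean);
}

// Constructed sample records (not taken from the box).
const SAMPLE = [
  { pid: 101, argv: ['node', '--inspect', 'server.js'], env: {} },
  { pid: 102, argv: ['node', 'app.js'], env: { NODE_OPTIONS: '--inspect-brk=0.0.0.0:9230' } },
  { pid: 103, argv: ['node', 'worker.js'], env: {} },
];

for (const f of audit(SAMPLE)) {
  console.log(`pid ${f.pid}: inspector on ${f.host}:${f.port}` +
    (f.loopback ? ' (loopback, reachable via port forwarding)' : ' (network-exposed)'));
}
```

Any finding on a production host is worth removing at the source, since an attached inspector client can run code as the process owner.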
Machine Matrix