writeup

A fairly easy ‘medium’ box, once the couple of key concepts used are known. Very good CVE to demonstrate and good to read deeper on as a directory traversal example

This box shows it pays to check every link during enumeration (tip: spidering). The box is probably pitched too high at hard, it’s more of a medium box imho

A box rated medium, but given the needed CVE leaps off the google search pages there isn’t a huge challenge to this one. Probably better rated as easy but still a good, well-put-together room

Recon to foothold First off we’ll take the information given and add the hostnames fortress and temple.fortress to our /etc/hosts file Now let’s scan to find what we’re dealing with. A masscan to start rob:Fortress/ $ sudo masscan -p1-65535,U:1-65535 10.10.6.73 --rate=1000 -e tun0 [sudo] password for rob: Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-09-25 15:23:25 GMT Initiating SYN Stealth Scan Scanning 1 hosts [131070 ports/host] Discovered open port 5581/tcp on 10.10.6.73 Discovered open port 22/tcp on 10....

Difficult in 2 ways. A very sneakily hidden initial clue and then a complex escalation path, for me at least!

The container escape can be tricky if you take the harder route :smile: justifying the ‘medium’ difficulty tag