Three (3) new exclusive Machines landed in Dedicated Labs in August, focusing on CVE exploitation, Azure Key Vault, Path Traversal, and more!
- Identifierexploits an SSRF vulnerability in a Python app to retrieve an Azure Key Vault token, decrypt SSH credentials, and ultimately gain root access via command injection in an Azure Function App.
- Archiveexploits an Arbitrary File Read vulnerability to extract credentials from an SQLite database, then escalate privileges by uncovering an administrator password stored in a user-uploaded file.
- Shamanexploits CVE-2024-40628 and CVE-2024-40629 to gain access to a JumpServer by extracting FTP credentials. You’ll achieve remote code execution (RCE), reset the JumpServer admin credentials, and gain root access via SSH by leveraging MFA.