Amaterasu

A 5-point machine on Proving Grounds Play.

Executive Summary

The target machine contained a vulnerable web app which allowed for arbitrary file upload. Leveraging this to overwrite a critical user configuration file allowed remote access to that user account. A cron job accessing information from a lower-privileged directory could then be exploited to gain privileged code execution. Full root shell access was gained by adding an additional root user using the privileged code execution.