PowerDNS

This is a Medium Linux box that hosts an rsync directory containing credentials for a Gitea intance. It is possible to change a file that is part of the Jenkins pipeline and will execute code of our choice. With code execution inside a Docker container, a file informs that users from a certain hostname can login to the box through rlogin. A database instance is accessible that contains a database related to a DNS server, which can be altered to associate the attacker’s IP to the allowed hostname, giving access to the main machine as root. ...