Skip to content

Details

Facts is an easy-difficulty Linux machine that begins with the discovery of a Camaleon CMS instance. By identifying the CMS version and exploiting a mass-assignment vulnerability (CVE-2025-2304), it is possible to escalate privileges within the application and obtain access to sensitive MinIO S3 credentials. These credentials provide access to an internal bucket containing an encrypted SSH private key.

Related topics

Cybersecurity
Digital Forensics

You may also like