OrbitDesk
OrbitDesk is an operations support platform used by a managed services company for deployment synchronization, vendor previews, and backup management.
Due to rushed infrastructure deployment, several internal services and automation workflows were unintentionally exposed to external users.
Your objective is to simulate a real-world red-team engagement and determine how far an attacker can pivot through the environment.
Can you move from external access to complete root compromise?
1. Internal Preview Exposure
The vendor preview functionality appears to communicate with external resources. Investigate the behavior carefully and determine whether internal services can also be reached.
Q1. Capture the first flag. (+100 pts)
Localhost filtering is not always implemented correctly.
2. Signed Config Disaster
An internal configuration import system trusts signed YAML documents. Abuse the import workflow to gain remote code execution on the target server.
Q1. Capture the second flag. (+100 pts)
Unsafe deserialization becomes dangerous when signatures can be forged.
3. Deployment Synchronization Pivot
After gaining command execution, enumerate the environment for sensitive operational files and deployment credentials. Pivot into another user account and capture the next flag.
Q1. Capture the user flag. (+100 pts)
Backup directories often contain more than archived files.