Machine Information

• Difficulty: Easy
• OS: Linux
• Key Concepts: TensorFlow/Keras Vulnerability, File Upload, Privilege Escalation Through Backrest service

Overview

Artificial is an Easy Linux machine from HackTheBox that demonstrates the dangers of accepting user uploaded machine learning models. The path to root involves exploiting a TensorFlow remote code execution vulnerability, database credential extraction, and abusing a backup service to read the root flag.