Machine Synopsis

Principal is a medium difficulty machine that is themed around misplaced cryptographic trust. The foothold exploits [CVE-2026-29000](https://nvd.nist.gov/vuln/detail/CVE-2026-29000), an authentication bypass in pac4j-jwt's JwtAuthenticator where a PlainJWT wrapped inside a valid JWE envelope bypasses signature verification entirely. After forging an admin token and extracting SSH credentials from the corporate dashboard, privilege escalation abuses an SSH CA configuration that trusts any certificate signed by the CA without validating the principal (username) claim, allowing us to forge a certificate for root. Both attack stages exploit the same class of flaw: a system that verifies the cryptographic envelope but never validates the identity claim inside it.