This blog post explains cross-session relay attacks, covering COM/DCOM basics and authentication flaws. It details how attackers exploit weak configurations to relay credentials.
Cat is a medium-difficulty Linux machine featuring a custom PHP web application vulnerable to XSS, which allows cookie hijacking and privilege escalation. A SQL injection in a SQLite database enables remote code execution and access to internal logs, which leak plaintext credentials. These are used to access a vulnerable Gitea instance (CVE-2024-6886), ultimately leading to the discovery of root credentials in a private repository.
Titanic is an easy Linux machine with a booking site and a Gitea instance. An arbitrary file read vulnerability allows access to Gitea's SQLite database, leading to cracked SSH credentials. A scheduled script using a vulnerable magick binary (CVE-2024-41817) is exploited for root access.
