Cat
Linux
Medium
3.5
MACHINE RATING5077
USER OWNS4532
SYSTEM OWNS01/02/2025
RELEASEDMachine Synopsis
Cat is a medium-difficulty Linux machine that features a custom PHP web application vulnerable to cross-site scripting (XSS), which can trigger an `onerror` event to bypass the application's security filters. Leveraging this XSS vulnerability, we can perform cookie hijacking to steal an administrator's cookie and elevate our privileges in the application. We can then perform a SQL Injection on a SQLite database to get remote code execution by storing a malicious web shell in the database. With access to the internal application database, we can recover a password from the database by cracking its hash to gain access as a user who has group membership to read server logs. These logs leak a clear-text password to a user accessing an internally hosted Gitea instance on version 1.22.0, vulnerable to an XSS attack via `[CVE-2024-6886](https://nvd.nist.gov/vuln/detail/CVE-2024-6886)` due to improper input sanitization. By exploiting `[CVE-2024-6886](https://nvd.nist.gov/vuln/detail/CVE-2024-6886)`, we can read a private Gitea repository containing a credential for the root user.
Machine Matrix
