Gogs RCE

This exercise covers how to get code execution against Gogs, a self-hosted Git service.

PRO | Tier | Hard | 1-2 Hrs. | 587 | Green Badge

Course


In this course, you will learn to exploit a remote command execution (RCE) vulnerability in Gogs, a self-hosted git service. The vulnerability allows attackers to bypass authentication and gain administrator privileges by exploiting a session management flaw. Once authenticated as an administrator, the attacker can utilize git hooks to execute arbitrary commands on the server, demonstrating how vulnerabilities can be chained for greater impact.

The course is divided into two main parts: the first part focuses on bypassing authentication by manipulating session files through directory traversal. The second part demonstrates how to upload a malicious file to achieve code execution via git hooks. This exercise emphasizes the importance of understanding and combining different vulnerabilities to escalate privileges and achieve full system compromise.
