Machine Synopsis

Barrier is a medium difficulty machine that features exposed credentials and exploiting SSO authentication, privileged API access and CI/CD runners. Initial access is gained by discovering credentials in a public repository and then exploiting a SAML authentication bypass in GitLab to obtain administrative access. From there, a CI/CD runner is abused to execute code and extract sensitive information from environment variables. With the authorization token, the Authentik API can be exploited to obtain administrative control of the identity platform. Access to the Authentik admin panel allows user impersonation and access to Apache Guacamole. Then an existing connection within Guacamole provides remote access to the host. Finally, a private SSH key is recovered from MySQL and privilege escalation is achieved through credential disclosure in shell history.