Craft is a medium-difficulty Linux box that begins with exploring a public Git service called gogs. This box demonstrates a full attack chain involving an eval() injection vulnerability in a Python API, SQL credential extraction, database enumeration, and lateral movement via exposed SSH keys. …