Hack The Box Busqueda Walkthrough Python Code Injection & Gitea Privilege Escalation
Author: Tech n Talk
Uploaded: 2025-06-06
Views: 5
Description:
In this walkthrough of the *Busqueda* machine on Hack The Box, I demonstrate the exploitation of a command injection vulnerability in a Python module without relying on any guides. I developed a custom approach to exploit the vulnerability, leading to user-level access. For the privilege escalation phase, I sought a hint to navigate through the complexities of the Gitea service and the system checkup script.
What You'll Learn:
Conducting Nmap scans to identify open ports and services
Enumerating the web application and discovering it uses Searchor 2.4.0
Exploiting a command injection vulnerability in the Searchor module to gain a reverse shell
Analyzing the `.git` directory to retrieve credentials
Accessing the Gitea service using the obtained credentials
Discovering a root-executed system checkup script and analyzing its source code
Exploiting a relative path reference in the script to achieve Remote Code Execution (RCE) with root privileges
This guide is ideal for those preparing for certifications like OSCP or anyone looking to enhance their Linux exploitation skills through practical, real-world scenarios.
Machine Link: https://app.hackthebox.com/machines/B...
If you find this walkthrough helpful, please like, comment, and subscribe for more cybersecurity content!
#HackTheBox #Busqueda #CTF #CyberSecurity #EthicalHacking #PenetrationTesting #LinuxExploitation #PrivilegeEscalation #PythonCodeInjection #OSCP