Busqueda - Hackthebox (OSCP Prep) - TJ Nulls скачать в хорошем качестве

Busqueda - Hackthebox (OSCP Prep) - TJ Nulls

Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a Python module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to root , we discover credentials within a Git config file, allowing us to log into a local Gitea service. Additionally, we uncover that a system checkup script can be executed with root privileges by a specific user. By utilizing this script, we enumerate Docker containers that reveal credentials for the administrator user's Gitea account. Further analysis of the system checkup script's source code in a Git repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with root privileges. Skills Required Web Enumeration Linux Fundamentals Python Basics ------------------ Skills Learned Command Injection Source-code Analysis Docker Basics ------------------ Tools manual enumeration CVE ------------------ Certifications: Practical Network Penetration Tester (PNPT) : TCM Security - https://certifications.tcm-sec.com/pnpt/ Practical Junior Penetration Tester (PJPT): TCM Security - https://certifications.tcm-sec.com/pjpt/ Practical Junior Web Tester (PJWT): TCM Security - https://certifications.tcm-sec.com/pjwt/ Certified Ethical Hacker (CEH): EC-Council -------------------- Socials: Tryhackme: https://tryhackme.com/p/NoxLumens Hackthebox: https://app.hackthebox.com/profile/17... Twitch:   / noxlumens