Read my writeup to Busqueda macine on:
TL;DR
User: While monitoring port 80
, we discovered that it was utilizing version 2.4.0
of Searchor
. After examining the source code on Githu
b, we identified a command injection vulnerability within the eval
function. Leveraging this vulnerability, we were able to obtain a reverse shell as svc
. We subsequently located the svc
password within the .git
directory’s config
file.
Root: Upon running sudo -l
, we determined that we could execute the /opt/scripts/system-checkup.py
script as root
. We then utilized the Python script to run the docker-inspect
command, allowing us to inspect the currently running containers. Through this process, we discovered the credentials for Gitea
. By creating a tunnel to Gitea
, we were able to access the source code for system-checkup.py
.
After thoroughly analyzing the source code, we determined that we could create our own script and utilize the system-checkup.py
argument to execute it with root privileges.