OpenSource Write-Up by evyatar9

Read my writeup for OpenSource machine on


User: From the file we found dev01 credentials on dev branch, According to the source code we create a new route to get RCE, Create a tunnel using chisel scan for port 3000 and we found it on with Gitea, Log in to Gitea using dev01 credentials (from the dev branch) and we get the id_rsa of dev01 user.

Root: By running pspy we found the root runs git commit command, Using Git Hooks pre-commit we add a reverse shell to the pre-commit script and we get a reverse shell as root.