Read my writeup for OpenSource machine on
TL;DR
User: From the source.zip file we found dev01 credentials on the dev branch. According to the source code, we create a new route to get RCE. We create a tunnel using chisel, scan for port 3000, and find it on 172.17.0.1 running Gitea. We log in to Gitea using the dev01 credentials (from the dev branch) and get the id_rsa of the dev01 user.
Root: By running pspy we found that root runs a git commit command. Using the Git Hooks pre-commit hook, we add a reverse shell to the pre-commit script and get a reverse shell as root.
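The Root step works because a privileged account runs git in a repository whose hooks another user can write. The following audit is an added example, not part of the original writeup: it lists the hooks Git would actually execute and flags those not exclusive to the invoking account. The function name `audit_hooks` and the default `.git/hooks` location are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the Git hooks that would run in a repository and flag
# any that another account owns or can modify.
# Assumption: hooks live in <repo>/.git/hooks. A core.hooksPath override is not
# consulted; pass that directory as the second argument if one is configured.
# Usage: audit_hooks /path/to/repo [hooks_dir]

audit_hooks() {
    repo=$1
    hooks=${2:-$repo/.git/hooks}
    me=$(id -u)          # numeric uid of the account about to run git
    findings=0

    if [ ! -d "$hooks" ]; then
        echo "no hooks directory: $hooks" >&2
        return 2
    fi

    for hook in "$hooks"/*; do
        [ -f "$hook" ] || continue
        case $hook in *.sample) continue ;; esac   # shipped templates never run
        [ -x "$hook" ] || continue                 # Git skips non-executable hooks

        reason=""
        # Owned by someone other than the invoking account.
        if [ -n "$(find "$hook" -prune ! -user "$me")" ]; then
            reason="foreign-owner"
        fi
        # Writable by group or others.
        if [ -n "$(find "$hook" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            reason="${reason:+$reason,}loose-perms"
        fi

        echo "active hook: $hook ${reason:-owner-only}"
        if [ -n "$reason" ]; then findings=$((findings + 1)); fi
    done

    # Anyone who can write to the directory can add a new hook.
    if [ -n "$(find "$hooks" -prune \( ! -user "$me" -o -perm -0020 -o -perm -0002 \))" ]; then
        echo "hooks directory not exclusive to uid $me: $hooks"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]   # status 0 only when nothing was flagged
}
```

A non-zero status means at least one hook or the hooks directory should be reviewed before a privileged account runs git in that repository.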