HackTheBox - OpenSource - Attacking a Python WebApp and Backdooring GIT Configurations

00:00 - Intro 01:18 - Start of nmap 02:50 - Identifying a Docker exists based upon the Python Version in NMAP SSH Version [MasterRecon] 04:23 - Navigating to the website downloading the source code available, there is a git folder switching branches 08:00 - Discovering a vulnerability in the command, if we prefix our path with a slash it will overwrite the entire path 11:25 - Attempting to upload a malicious cron, docker isn’t running cron so it doesn’t work 14:37 - Adding a new route to the application to execute commands 18:00 - Able to run commands and get the output 19:30 - Creating an endpoint to send reverse shells in the webapp 21:45 - Reverse shell returned 24:30 - Looking at port 3000 which was previously filtered. Looks like its a Gitea interface but we don’t have creds 27:10 - Uploading Chisel and tunneling to access the website 29:20 - Looking at old git commits from the source code and finding credentials 33:30 - Downloading a SSH