Hack The Box Open Source Attacking a Python Web App and Backdooring GIT Configurations

00:00 Intro 01:18 Start of nmap 02:50 Identifying a Docker exists based upon the Python Version in NMAP + SSH Version MasterRecon 04:23 Navigating to the website downloading the source code available, there is a git folder switching branches 08:00 Discovering a vulnerability in the command, if we prefix our path with a slash it will overwrite the entire path 11:25 Attempting to upload a malicious cron, docker isn t running cron so it doesn t work 14:37 Adding a new route to the application to execute commands 18:00 Able to run commands and get the output 19:30 Creating an endpoint to send reverse shells in the webapp 21:45 Reverse shell returned 24:30 Looking at port 3000 which was previously filtered. Looks like its a Gitea interface but we don t have creds 27:10 Uploading Chisel and tunneling to access the website 29:20 Looking at old git commits from the source code and finding credentials 33:30 Downloading a SSH