Ensure that configuration files for security tools like Fail2Ban are only writable by the root user.
Look for API keys or database passwords. hackfail.htb
If /var/run/docker.sock is accessible, you can use it to spawn a new container that mounts the host's root filesystem. 👑 Phase 4: Privilege Escalation to Root Ensure that configuration files for security tools like
Disable Git hooks for non-admin users in Gitea's app.ini . 👑 Phase 4: Privilege Escalation to Root Disable
Check the web application for leaked credentials or look for "Register" buttons that might be open.
Navigating to the IP address on port 80 reveals a custom web application. Further directory busting or clicking through links often reveals a development sub-domain or a linked service. In the case of HackFail, you will encounter a instance, a self-hosted Git service popular among developers. 🏗️ Phase 2: Initial Access (Exploiting Gitea)
The first step in any penetration test is understanding the attack surface. Port Scanning A standard Nmap scan reveals two open ports: Open, running OpenSSH. Port 80 (HTTP): Open, serving a web application. Web Discovery
