HackTheBox - Busqueda Writeup
Busqueda is an easy Hack The Box Linux machine involving command injection in a Python module for initial access. Credentials found in a Git config file provide access to a local Gitea instance. A system checkup script with root permissions exposes Docker container credentials for the Gitea admin. Abusing a relative path vulnerability in the script leads to root RCE and full privilege escalation.
Tags: python, mysql, gitea, rce, searchor 2.4.0, docker, docker-inspect