Roquefort 🔸

Enumeration

Initial Access

There is a Gitea instance on port 3000. We can create a user.

We can put a reverse shell in a pre-receive hook.

Get the flag

Privilege Escalation

Transfer linpeas

We can write to /usr/local/bin, so we can create a run-parts file there that will be executed as root.

We wait and
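The writable /usr/local/bin condition above can be audited from the defender's side. The following is an added example, not part of the original writeup; it assumes the root job is defined in a Debian-style /etc/crontab that calls run-parts by bare name, and the function names are hypothetical.

```python
import os
import stat

def cron_path(crontab_text):
    """Directories from the last PATH= assignment in crontab-style text."""
    dirs = []
    for line in crontab_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "PATH":
            dirs = [d for d in value.strip().strip('"\'').split(":") if d]
    return dirs

def loosely_writable(path, trusted_uids=(0,)):
    """True if the owner is not trusted, or group/other have write permission."""
    st = os.stat(path)
    return st.st_uid not in trusted_uids or bool(
        st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def shadowing_risks(crontab_text, command, trusted_uids=(0,)):
    """PATH directories searched up to and including the one that holds
    `command`, where an unprivileged user could plant or replace it."""
    risks = []
    for d in cron_path(crontab_text):
        if not os.path.isdir(d):
            continue
        if loosely_writable(d, trusted_uids):
            risks.append(d)
        if os.path.isfile(os.path.join(d, command)):
            break  # lookup stops at the first directory containing the command
    return risks

if __name__ == "__main__":
    # Assumed location of the root job definition (Debian-style system crontab).
    with open("/etc/crontab") as fh:
        text = fh.read()
    for d in shadowing_risks(text, "run-parts"):
        print("review permissions:", d, oct(stat.S_IMODE(os.stat(d).st_mode)))
```

Any directory it reports should lose its group/other write bits, or the root job should call the command by absolute path.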

Post Exploitation

Get the flag