Roquefort 🔸

Enumeration

Initial Access

At port 3000 there is a gitea instance. We can create a user.

In the pre-receive hook, we can put a reverse shell.

Get the flag.

Privilege Escalation

Transfer linpeas.

We can write to /usr/local/bin so we can create a run-parts file that will be executed as root.

We wait and...

Post Exploitation

Get the flag.