Browse through public repositories. Look for configuration files (like .env or config.php) that might contain secrets.
Exploit Git Hooks: If you find a repository you can edit, navigate to Settings > Git Hooks and edit the pre-receive or post-update hook.
Check /mnt or other unusual directories for files belonging to the host system.
Gitea is the primary vector for gaining a foothold on this machine.
Identifying the Vulnerability hackfail.htb
Ensure that configuration files for security tools like Fail2Ban are only writable by the root user.
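One way to check this on a host, as an added example that is not part of the original write-up. It assumes the configuration lives under /etc/fail2ban and should be owned by root; the function name audit_f2b_perms is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Fail2Ban configuration tree for files or directories
# that someone other than the expected owner could modify.
# Assumptions: config lives in /etc/fail2ban and should be owned by root;
# audit_f2b_perms is a hypothetical helper name.

# usage: audit_f2b_perms [dir] [owner]
# Prints one offending path per line.
# Returns 0 if clean, 1 if findings exist, 2 if the directory is missing.
audit_f2b_perms() {
    dir=${1:-/etc/fail2ban}
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_f2b_perms: $dir is not a directory" >&2
        return 2
    fi

    # A path is a finding when it is not owned by $owner, or when its group
    # or "other" write bit is set. Directories are checked as well: write
    # access to action.d/ lets a user replace a file they cannot edit in place.
    findings=$(find "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o -perm -0020 -o -perm -0002 \) -print | sort)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call on a live host (run as root so every path is readable):
#   audit_f2b_perms /etc/fail2ban root
```

A non-zero return makes the function usable in a cron job or configuration-management check that alerts when the tree drifts from root-only write access.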
Always keep Gitea and other web services patched to the latest version.
Navigating to the IP address on port 80 reveals a custom web application. Further directory busting or clicking through links often reveals a development sub-domain or a linked service. In the case of HackFail, you will encounter a Gitea instance, a self-hosted Git service popular among developers.

🏗️ Phase 2: Initial Access (Exploiting Gitea)
Add a command to one of the scripts (like iptables-multiport.conf) that creates a SUID binary or sends a reverse shell.