Busqueda is a Linux machine that can be exploited using a command injection vulnerability in a Python module, allowing the user to gain user-level access.
The user can then escalate their privileges to the root level and discover credentials in a Git config file, allowing them to log into a local Gitea service.
They can then execute a system checkup script with root privileges, enabling them to enumerate Docker containers that reveal administrator user Gitea account credentials.
By analyzing the script’s source code in a Git repository, they can exploit a relative path reference and gain remote code execution with root privileges.
The machine’s ports 22 and 80 are open, responding to SSH and HTTP traffic, respectively.
The SSH service is vulnerable to multiple exploits, including remote code execution and unauthorized access.
The machine is scanned using Nmap, which reveals open ports, running services, and potential vulnerabilities.
The article includes a scan report from Nmap detailing the services and vulnerabilities on the Busqueda machine.