Compiled starts with a website designed to compile Git projects from remote repos. I’ll abuse a CVE in this version of Git to get RCE and a shell. To pivot to the next user, I’ll find the Gitea SQLite database and extract the user hashes. I’ll format that hash into something Hashcat can crack, and recover the password, which is also used by the user on the system. To get system, I’ll abuse a CVE in Visual Studio.

0xdf hacks stuff

The post describes the process of exploiting a machine named 'Compiled' on Hack the Box (HTB). It involves initial reconnaissance with nmap to find open ports, bypassing restrictions and vulnerabilities in Git to gain Remote Code Execution (RCE), and leveraging a version of Visual Studio to escalate privileges. Furthermore, the attacker cracks password hashes from the Gitea SQLite database using Hashcat and explains a detailed process of gaining system-level access by exploiting a Visual Studio vulnerability.

HTB: Compiled