Visual is all about abusing a Visual Studio build process. There’s a website that takes a hosted Git URL and loads a Visual Studio project from the URL and compiles it. I’ll stand up a Gitea server in a container and host a project with a pre-build action that runs a command and gets a shell. From there, I’ll drop a webshell into the XAMPP web root to get a shell as local service. This service is running without SeImpersonate privileges, but I’ll use the FullPower executable to recover this, and then GodPotato to get System.

0xdf hacks stuff

The post discusses how to abuse a Visual Studio build process to achieve remote code execution. It covers setting up a Gitea server, hosting a malicious project, and using pre-build commands to execute arbitrary code. The author also explores gaining a shell as a local service and escalating privileges to achieve system-level access.

HTB: Visual