HTB: Craft

Posted on 05 Jan 2020 in security • Tagged with security, boot2root, HTB, git, gogs, api, vault, linux • 6 min read


This is a writeup about a retired Hack The Box machine: Craft. This box is classified as a medium machine. The user part is quite long and involves finding "secrets" in a git repository, accessing an API to get a reverse shell, and manipulating a MySQL database in a jailed environment. The root part is quite a bit easier and involves interacting with a Vault instance.


Continue reading

Git, remove unwanted data from history

Posted on 23 Nov 2014 in Programming • Tagged with git, programming, leak • 1 min read

Recently I put unwanted data (a password) in one of my git commits. This commit was not pushed to a public server (like GitHub or Bitbucket), therefore there was no real security breach other than my git history.

The problem was to remove the data by rewriting the git history …


Continue reading