Here’s how I’ve solved the Bitlab machine on Hack The Box.
As usual we start of with a nmap scan:
root@kali:~# nmap -p- -sV 10.10.10.114
Nmap scan report for 10.10.10.114
Host is up (0.044s latency).
Not shown: 65533 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http nginx
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 221.44 seconds
The scan shows an nginx web server and ssh. If we visit the web server we’ll find a Gitlab instance. Gitlab is used by developers to host their source code. I tried searching for exploits but nothing came up.
As the developer we find two code repos, Profile and Deploy. We only care about the Profile one, any edits we make to the repo get reflected in the http://10.10.10.114/profile page, because Gitlab auto deploy is configured that way.