https://maccioniandrea.com/tags/git-leak/ Recent content in Git Leak on Maccioni Andrea - Portfolio Hugo en Sun, 14 Jun 2026 00:00:00 +0000 https://maccioniandrea.com/posts/htb-gavel-writeup/ Sun, 14 Jun 2026 00:00:00 +0000 https://maccioniandrea.com/posts/htb-gavel-writeup/ <p><strong>Difficulty:</strong> Medium<br> <strong>Operating System:</strong> Linux</p> <hr> <h1 id="executive-summary">Executive Summary</h1> <p>Gavel is a Linux machine that combines source code disclosure, application security flaws, and custom software analysis to achieve full system compromise.</p> <p>The attack begins with an exposed Git repository, leading to source code disclosure and identification of a PDO placeholder confusion vulnerability. After obtaining administrative access to the web application, arbitrary PHP code execution is achieved through insecure runtime rule evaluation. Finally, a custom root-owned service is reversed and abused to gain root privileges.</p>