New York Flankees

New York Flankees

Enumeration

Port 22 and 8080-http are open
Checking the request, we found a script function that leaks a token.
Custom Authentication Success
Modifying a little bit the token, we received a decryption error message.
Advanced exploiter for Padding Oracle Attacks against CBC mode Encryption.
Running the script, we got the 'stefan1197' credentials.
We got access through the login page.
First Flag, and a potential Command Injection Vulnerability.
Testing the Web Application.
Bash Reverse Shell
Uploading the
Granting Executable Permissions.
Executing the bash reverse shell. Don't forget to start listening with Netcat in order to receive the Shell.
We got a Reverse Shell. It seems that we are inside a Container.
Checking the environment. We got the second flag.
It seems that /app is holding all the interesting files.
Checking docker-compose.yml; we found an interestig file 'docker.sock'
There's a method to escape from the container utilizing a technique. Hacktricks solved this problem.
First, we require the IMAGE ID, and to identify the Repository based on the TAG.
We require a stable shell. Then, we are able to run the image mounting the host disk and chroot on it.
We finally escaped from the Container and got the last flag.






















要查看或添加评论,请登录

Eduardo Cochella的更多文章

  • Billing

    Billing

    Enumeration: After running a simple service - version scan, we discovered three ports open. Port 22-ssh, 80-http…

  • You Got Mail

    You Got Mail

    Enumeration Let's start this room by running Nmap. We can see the smtp, pop3 and imap are in the server.

  • Lookup - TryHackMe

    Lookup - TryHackMe

    Basic Scan: SSH and HTTP are running. NMAP basic scan Analyzing the Web Application: We had to deal with a login page.

  • Cheese CTF

    Cheese CTF

    NMAP enumeration It seems the all ports are running. Checking port 80, we found that a web application is running.

    1 条评论
  • Attacktive Directory

    Attacktive Directory

    NMAP enumeration shows up an Active Directory environment - Kerberos Port 88 DNS_Domain_Name: spookysec.local User…

  • Injectics

    Injectics

    Enumeration Ports 22 and 80 are open Web Application running on port 80 Checking the source code, we found an…

  • CyberLens

    CyberLens

    Enumeration Don't forget to manually define the IP addresses associated with the specific hostname After a deep…

  • CREATIVE

    CREATIVE

    Enumeration Ports 22 and 80 are open Web App Analysis - Nothing interesting Let's look for some subdomains -…

  • Hack Smarter Security

    Hack Smarter Security

    Enumeration Ports 21, 22, 80, 1311, and 3389 are open Checking port 21 we found some Credit Cards and a Stolen Passport…

    1 条评论
  • Crocc Crew

    Crocc Crew

    Enumeration Facing an Active Directory Checking for possible users utilizing xato-net-10-million-usernames.txt from…

社区洞察

其他会员也浏览了