🛑
This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Clicking the Subscribe button below WILL NOT get you access to this article (although I would be grateful for your subscription otherwise).
Initial Foothold Hint:
- Don't get stuck in rabbit holes
- Can you find the CVE for the vulnerable software?
- Most public exploits don't work as documented, due to conditions on the target. How else might you be able to exploit the vulnerability to get into the vulnerable service?
- There is another public exploit to facilitate this, but just plain old
curl
can get you in depending on your comfort level with APIs and source code review.
- There is another public exploit to facilitate this, but just plain old
Privilege Escalation Hint:
- Did you find any interesting files that point to any other interesting "names"?
- You may already have some credentials to get you into the service
- This service is just a front-end for managing Docker
- With Docker we can mount a folder from the host file system and read privileged files, how might you do this with this particular service managing Docker?