
Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

1.6K views
Jun 23, 2023
30:59

💡 Dockers Study Notes: Basics, Hacking and Security
https://buymeacoffee.com/notescatalog/e/479632

In this video walk-through, we demonstrated gaining root access to a Docker container running a web server with an SQL database. We started off by exploiting a reflected XSS vulnerability in the website, which runs an e-commerce marketplace. This enabled us to gain administrative access to the admin account, where we discovered an SQL injection that let us go further and reveal the database records. We used the records to log in over SSH and performed privilege escalation by exploiting the wildcard in the archiving tool tar, which eventually landed us in a Docker container. By mounting the root file system to a container of our choice, we were able to extract the root flag.

Writeup
https://motasem-notes.net/exploiting-docker-container-with-e-commerce-website-tryhackme-the-marketplace-2/

Resources
https://docs.docker.com/
https://tryhackme.com/room/marketplace

Understanding Docker container escapes
https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/#:~:text=The%20SYS_ADMIN%20capability%20allows%20a,security%20risks%20of%20doing%20so.

Patreon
https://www.patreon.com/motasemhamdan?fan_landing=true

Instagram
https://www.instagram.com/dev.stuxnet/

Twitter
https://twitter.com/ManMotasem

Facebook
https://www.facebook.com/motasemhamdantty/

LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/

Website
https://www.motasem-notes.net

Backup channel
https://www.youtube.com/channel/UCF2AfcPUjr7r8cYuMvyRTTQ

My Movie channel
https://www.youtube.com/channel/UCilElKPoXEaAfMf0bgH2pzA
