DockerLabs
Found 9 related articles
- 2025-03-11
ApiBase - API Endpoint Enumeration and Privilege Escalation
Technical writeup detailing the compromise of a DockerLabs API-based system. Methodology includes Nmap scanning, API endpoint enumeration (GET/POST methods), credential brute-forcing via Caido, file transfer (SCP), and PCAP network analysis using Wireshark to extract critical credentials for root access.
- 2025-03-03
Internship - Multi-Stage Exploitation via SQLi and Steganography
Technical writeup covering multi-stage compromise of the 'Internship' challenge. The methodology progresses from SQL Injection authentication bypass and user data extraction to a targeted SSH brute-force attack (Hydra). Privilege escalation involves script modification for horizontal movement, culminating in steganography analysis (Steghide) for final root access.
- 2024-10-31
StellarJWT - JWT Exploitation and Chained SUID Privilege Escalation
Technical writeup detailing the compromise of the 'StellarJWT' challenge. The methodology involves identifying and decoding an exposed JSON Web Token (JWT) for user enumeration, followed by a dictionary attack using Hydra for SSH access. Privilege escalation is achieved through a chained exploitation of NOPASSWD SUID binaries: using 'socat' for horizontal movement and 'chown' for '/etc/passwd' modification to gain final root access.
- 2024-10-25
Verdejo - SSTI Exploitation and Base64 SUID Privesc Chain
Technical writeup detailing the compromise of the 'Verdejo' challenge. Initial access is gained by exploiting a Server-Side Template Injection (SSTI) vulnerability via Jinja2 to obtain a reverse shell. Privilege escalation is achieved by exploiting NOPASSWD SUID on '/usr/bin/base64' to read the root SSH private key, which is then cracked using ssh2john and John the Ripper for final root access.
- 2024-10-09
BreakMySSH - Exploiting OpenSSH CVE-2018-15473 for Root Access
Technical writeup detailing the compromise of the BreakMySSH challenge. Methodology covers Nmap scanning, exploiting the OpenSSH 7.7 Username Enumeration vulnerability (CVE-2018-15473) to identify a valid user, followed by a targeted password brute-force attack using Hydra to gain root access.
- 2024-10-01
WalkingCMS - WordPress Exploitation via Theme Editor and SUID Privilege Escalation
Technical writeup detailing the compromise of the WalkingCMS challenge. Initial access involves enumerating a WordPress installation via Gobuster, credential cracking using WPScan, and achieving a reverse shell by modifying the theme's index.php file. Final root access is achieved by exploiting a vulnerable SUID binary, '/usr/bin/env', using standard Linux privilege escalation techniques.
- 2024-09-18
Injection - SQLi Authentication Bypass and SUID Privilege Escalation
Technical writeup covering the compromise of the 'Injection' challenge. Methodology includes port scanning, exploitation of a SQL Injection vulnerability for authentication bypass (' OR 1=1-- -), securing initial access via SSH, and leveraging a vulnerable SUID binary ('env') via GTFOBins for root privilege escalation.
- 2024-09-17
Trust - SSH Brute-Force and Vim Sudo Privilege Escalation
Technical writeup detailing the compromise of the 'Trust' challenge. Methodology includes Nmap scanning and web fuzzing via Gobuster to identify hidden resources, a targeted Hydra brute-force attack to obtain SSH credentials, and final privilege escalation by exploiting the NOPASSWD sudo permission on the Vim binary.
- 2024-09-16
FirstHacking - Exploiting vsftpd 2.3.4 Backdoor (CVE-2011-2523)
Technical writeup demonstrating the exploitation of the vsftpd 2.3.4 backdoor (CVE-2011-2523) vulnerability on a DockerLabs environment. Methodology covers Nmap service detection, exploit identification via Searchsploit, remote command execution via the FTP service, and achieving immediate root access.