<- HTB

GoodGames


10 minutes to read

GoodGames
Hack The Box. Linux. Easy machine. This machine has website that is vulnerable to SQL injection where we can extract a password to access an internal website that is vulnerable to SSTI. Then, we get access to a Docker container that mounts a directory from the machine, so that we can abuse it to escalate privileges. Basic web exploitation skills and Docker breakout techniques are needed in order to compromise this machine. This write-up uses a custom Python script to compromise the entire machine from scratch