In this video we are solving tryhackme's new ctf challenge - umbrella by - [ tryhackme.com/p/brunofight ]. We will see how to enumerate docker registry running on default port 5000, and pulling the docker image locally and enumerating that and later saw some realization moments that one should sleep well to do well, and eventually rooted the box using mounted logs directory b/w the main box docker container and claire-r user and setting up SUID bit on sh shell to gain privesc to root. Hope you'll learn something new.
[ tryhackme - tryhackme.com/room/umbrella ]
⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Hindi Intro {{ Lol }}
⌨️ 0:47 ⏩ Starting Ctf
⌨️ 3:48 ⏩ Initial Enumeration (Docker Registry)
⌨️ 7:10 ⏩ Got DB_PASS
⌨️ 13:35 ⏩ Initial Foothold on the box
⌨️ 16:45 ⏩ Gaining shell on main box via Node js webserver on 8080
⌨️ 23:20 ⏩ PrivEsc To Root (Setting up SUID on sh shell)
⌨️ 27:00 ⏩ Final POVs
P.S - i love yall sm 🙏🚀❤️
Follow me on social media:
● / hoodietramp
● / inimitablekunal
● / hoodietramp
Github:
● github.com/hoodietramp
Mastodon:
● mastodon.social/@h00dy
● defcon.social/@h00dy
Join 345y🛸:
● / discord
#redteam #ctf #tryhackme #hacking #thm
29 июн 2024
