We covered a Docker container running a web server that is vulnerable to server side request forgery. We used that vulnerability to execute system commands and gain access to sensitive information stored inside git commits. We learned that a Docker daemon runs on port 2375 but in order to probe and access that container we need to perform port knocking to open the port 2375. Afterwards, we mounted the complete host file system.. This was part of TryHackMe The GreatEscape.

Room Answers

Find the flag hidden in the webapp

Find the root flag?

Find the real root flag

Video Walkthrough

Dockers, tryhackme, TryHackMeThe Great Escape

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Escaping Web Server Docker Container with SSRF | TryHackMeThe Great Escape

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Escaping Docker Containers Using Linux Capabilities | TryHackMe The Docker Rodeo

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

Press ESC to close

Escaping Web Server Docker Container with SSRF | TryHackMeThe Great Escape

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Escaping Docker Containers Using Linux Capabilities | TryHackMe The Docker Rodeo

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace