We demonstrated gaining root access to a docker container running a web server with an SQL database. We started off by exploiting a reflected XSS vulnerability in the website that is running an e-commerce marketplace. This enabled us to proceed and gain administrative access to the admin account where we discovered an SQL injection that let us go further and reveal the database records. We used the records to login as SSH and perform privilege escalation by exploiting the wild card in the archiving tool tar which eventually landed us in a docker container. By mounting the root file system to a container of our choice, we were able to extract the root flag. This was part of TryHackMe The Marketplace.

Room Answers

What is flag 1?

What is flag 2? (User.txt)

What is flag 3? (Root.txt)

Video Walkthrough

Dockers, tryhackme, TryHackMe The Marketplace

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Escaping Web Server Docker Container with SSRF | TryHackMeThe Great Escape

Printer Exploitation | Part one | HackTheBox Gawk

Press ESC to close

Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Escaping Web Server Docker Container with SSRF | TryHackMeThe Great Escape

Printer Exploitation | Part one | HackTheBox Gawk