In this video walk-through, we demonstrated gaining root access to a docker container running a web server with an SQL database. We started off by exploiting a reflected XSS vulnerability in the website that is running an e-commerce marketplace. This enabled us to proceed and gain administrative access to the admin account where we discovered an SQL injection that let us go further and reveal the database records. We used the records to login as SSH and perform privilege escalation by exploiting the wild card in the archiving tool tar which eventually landed us in a docker container. By mounting the root file system to a container of our choice, we were able to extract the root flag.
This post covers the answers for The Marketplace room in TryHackMe.
In computing terms, containerization is the process of packaging an application and the necessary resources (such as libraries and packages) required into one package named a container. The process of packaging applications together makes applications considerably portable and hassle-free to run.
Modern applications are often complex and usually depend on frameworks and libraries being installed on a device before the application can run. These dependencies can:
- Be difficult to install depending on the environment the application is running (some operating systems might not even support them!)
- Create difficulty for developers to diagnose and replicate faults, as it could be a problem with the application’s environment – not the application itself!
- Can often conflict with each other. For example, having multiple versions of Python to run different applications is a headache for the user, and an application may work with one version of Python and not another.
What are Docker Containers?
Docker is a relatively hassle-free, extensive and open source containerisation platform. The Docker ecosystem allows applications (images – we’ll come onto this in a later room) to be deployed, managed and shared with ease.
Working on Linux, Windows and MacOS, Docker is a smart choice for running applications. Applications can be published as “images” and shared with others. All that is required is pulling (downloading) the image and running it with Docker.
Docker employs the same technology used in containerisation to isolate applications into containers called the Docker Engine. The Docker Engine is essentially an API that runs on the host operating system, which communicates between the operating system and containers to access the system’s hardware (such as CPU, RAM, networking and disk)
Because of this, the Docker engine is extensive and allows you to do things like:
- Connect containers together (for example, a container running a web application and another container running a database)
- Export and import applications (images)
- Transfer files between the operating system and container
Docker uses the programming syntax YAML to allow developers to instruct how a container should be built and what is run. This is a significant reason why Docker is so portable and easy to debug; share the instructions, and it will build and run the same on any device that supports the Docker Engine.
What is flag 2? (User.txt)
What is flag 3? (Root.txt)