TryHackMe - The Great Escape (Medium)

15 Feb 2021 in Write-Ups on Write-up, Docker, Pentesting, Ethical-hacking, Beginner

A medium level room showcasing Docker container escape.

![logo2](/assets/images/write-ups/tryhackme/the_great_escape/logo2.png) * Enumeration {:.toc} # Intro Welcome to my first write-up on a medium-level box by TryHackMe. This is the sixth one on the series `Road to OSCP`, where I showcase known topics seen whilst preparing for the certification. We will see Docker containers, escaping such containers, command injection, and more! Find the room here: [TryHackMe - The Great Escape](https://tryhackme.com/room/thegreatescape) # Reconnaissance Let's start off with an nmap scan: ``` nmap 10.10.72.178 -sC -sV Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-19 07:23 EST Nmap scan report for 10.10.72.178 Host is up (0.028s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh? |_ssh-hostkey: ERROR: Script execution failed (use -d to debug) 80/tcp open http nginx 1.19.6 | http-robots.txt: 3 disallowed entries |_/api/ /exif-util /*.bak.txt$ |_http-server-header: nginx/1.19.6 |_http-title: docker-escape-nuxt 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port22-TCP:V=7.91%I=7%D=2/19%Time=602FADC6%P=x86_64-pc-linux-gnu%r(Gene SF:ricLines,5,"8!M\r\n"); Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 185.76 seconds ``` *Note the 185 seconds, what the...?* Also error in port 22. I did a further scan in port 22 and took forever to come back, but the one I did for only 80 came back really quick. That SSH smells as fishy as the honeypot I've got set up in my Raspberry Pi... Let's jump ahead to the website. # Port 80 ***UNDER CONSTRUCTION***

About

Welcome, and first of all thanks for your interest in me!

My name is Gabriel (he/him). I started publishing here in the format of a GitHub repo, as a means to create a journal of sorts during my college years, also trying to help fellow students by sharing all the new techniques I had been learning, or writing about stories I had discovered fascinating enough, or simply writing about topics I wanted to get further knowledge on to also practice and improve my writing skills. Thanks to the success of the initial posts and amazing feedback from my peers, I decided to invest more time and effort in turning the blog into a whole website to give something back to the community.

At the time of first publishing the website, I was a First-year BEng Cybersecurity & Digital Forensics Edinburgh Napier University associate student, and member of ENUSEC. I was getting re-trained from a 11 years long business, marketing and hospitality background pursuing the yearned dream of becoming a pentester.

Family and economic needs obligated me to push harder than hard to condense four years of study into one and skip the university experience. Although I felt I was going to miss out the uni experience, I was given a golden opportunity to show my talent and I got hired as a Junior Security Consultant at NCC Group, where you can further read my blog about my experience going through the Next Generation Talent Programme: NCC Group.

I’m not very fond of social media, so should you want to contact me, your best bet is via email; you can find it on the left-hand side panel. Don’t be shy, I am approachable and I will me more than happy to speaking with you!

TryHackMe - The Great Escape (Medium)

Subtle Labs

Error

Templates (for web app):

Error