First off, great video! Really loved the RCE using a lambda function! Around 57:50, you ask, "what did I just do". If you go to 57:41 you'll notice you changed your working directory to /root, the correct directory you wanted was /mnt/root, since the host's file system is mounted to /mnt/ within the docker container. I've made this mistake more times than I'd like to admit lol but we should call this out since all of us will hit the same using kubernetes, k3s, docker, etc.
@BluEhui09 2 years ago
There are a lot of things.. oh god I have to rewatch this again
@chiragartani 2 years ago
I will watch this tonight. 🙌 Gonna ask you a question after watching the video :).
@Vogel42 2 years ago
"fetch" is the modern replacement for XMLHttpRequest
@cmdsecure 2 years ago
Superb!
@ne5i_ 2 years ago
Ooh, also, ‘-it’ in ‘docker run’ means ‘interactive, allocate tty’
@AUBCodeII 2 years ago
It is also a great mnemonic: "run IT"
@ctf59 2 years ago
Creating a CSRF to force the victim to navigate to pages and send us the date, read his email to discover an S3 Domain "date" or "data"?) Thanks for the video.
@sand3epyadav 2 years ago
I always see your terminal, when you open burpsuite and send any request using burp, suddenly red light popped... how?....
@MohammedElamineHalia 2 years ago
hacking is the next gaming
@ijustcantseeit 2 years ago
This could actually be a pretty accurate insight I think
@MohammedElamineHalia 2 years ago
@@ijustcantseeit yeah when you take a look at the metaverse and what the future holds you'll say it's inevitable that everyone must learn hacking and security
@takeshikovacs1081 2 years ago
awesome! thanks for sharing
@ingresssmurf5120 2 years ago
Thanks man
@declanmcardle 2 years ago
t means allocate tty/pty in run/start/exec commands, t means tag in build
@MD4564 2 years ago
Full Stack = Full Stocker Developer
@pythonxsecurity8287 2 years ago
i work in another method but gg you have good idea good work bro you are the best
@spandexvortex1097 2 years ago
When you mounted host's '/' to docker's '/mnt' directory, and put the public ssh key in root's .ssh, does it also get written to host's root .ssh?
@muhammadghareeb399 2 years ago
u r the best
@GC-rg6in 2 years ago
Why did you not search for 200 codes in the vhost gobuster output?? Thanks
@helyosis1509 2 years ago
I didn't really understand the privesc part, if a docker container has access to the docker command, it doesn't create containers inside the container but creates them on the host instead?
@ne5i_ 2 years ago
Pretty much! If you look at when he opens the docker-compose file, you can see that the host’s docker socket is mounted as a volume in the container. By default, volumes are read/write, so the container can create containers on the host
@ne5i_ 2 years ago
If you look into the software ‘portainer’, this is the way it works!
@troopsleader4066 2 years ago
What can I learn before starting with HACK THE BOX??
@AUBCodeII 2 years ago
TryHackMe?
@readysetexploit 2 years ago
TryHackMe, and/or overthewire, HTB also has academy modules and a starting point module for beginners
@sand3epyadav 2 years ago
Hack the box academy, I have been a VIP user for 1 year.
@xXThePr0Xx 2 years ago
You can just escape docker containers to the host that easily?
@ippsec 2 years ago
In this case yes, because the docker container was allowed to spawn other docker containers.
@xXThePr0Xx 2 years ago
@@ippsec okay crazy, didn't know that
@kiriappeee 2 years ago
This is why you never run docker in docker if you can help it. When can you expect this irl? With kubernetes, a lot of people are putting their deployment pipelines, CICD infra into kubernetes itself because you get easy "scalability"; each build runs in its own docker container. Injecting code into a build, or finding a poorly configured instance presents a chance you can get code execution into a build container which could end up having the privileges needed. A lot of this has been patched now in most tools but one slip up in configuration and an attacker could find what they need. Can't say much more given Google's acceptable content guidelines. I'll just say that I evaluated this attack path when considering build tools where I work and this was a real world attack path that came up.
@crusader_ 2 years ago
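The mount pattern discussed in the replies above (the host's docker socket bound into a container, and the host's `/` bound under `/mnt`), as an added defensive check that is not part of the original comments or the video: it scans `docker inspect` JSON for those bind mounts. The sample data and container names are constructed.

```python
import json
import posixpath

# Constructed sample shaped like `docker inspect` output (names are made up).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/webapp", "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
   "Destination": "/var/run/docker.sock", "RW": true}]},
 {"Name": "/debug", "Mounts": [{"Type": "bind", "Source": "/",
   "Destination": "/mnt", "RW": true}]},
 {"Name": "/monitor", "Mounts": [{"Type": "bind", "Source": "/run/docker.sock",
   "Destination": "/var/run/docker.sock", "RW": false}]},
 {"Name": "/db", "Mounts": [{"Type": "volume", "Name": "dbdata",
   "Source": "/var/lib/docker/volumes/dbdata/_data",
   "Destination": "/var/lib/postgresql/data", "RW": true}]}
]""")

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit_mounts(containers):
    """Return (container, finding, destination, rw) for risky bind mounts."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # only bind mounts are checked in this example
            src = posixpath.normpath(m.get("Source") or "")
            rw = bool(m.get("RW"))
            if src in DOCKER_SOCKETS:
                # Flag even when RW is false: a read-only bind mount does not
                # stop a process from connecting to the socket and using the API.
                findings.append((name, "docker-socket", m.get("Destination"), rw))
            elif src == "/":
                findings.append((name, "host-root", m.get("Destination"), rw))
    return findings


if __name__ == "__main__":
    for name, finding, dest, rw in audit_mounts(SAMPLE_INSPECT):
        print(f"{name}: {finding} mounted at {dest} ({'rw' if rw else 'ro'})")
```

On a live host the input would come from `docker inspect $(docker ps -q)` instead of the embedded sample.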
Where are the timestamps
@ippsec 2 years ago
Look in the description, where they should be :) Just busy with an event this weekend and didn't have time to create the timestamps.