DOCKER ESCAPE
OFFSEC - Proving Grounds - COBBLES
·2914 words·14 mins
OFFSEC PG PRACTICE
ZONEMINDER
HAPROXY
DOCKER ESCAPE
Gain initial access via credentials or ZoneMinder exploit. As www-data, exploit HAProxy failover to access backup server as root in Docker. Escalate by copying bash to shared mount for host root access.
OFFSEC - Proving Grounds - SIROL
·2888 words·14 mins
OFFSEC PG PRACTICE
KIBANA
GLUSTERFS
DOCKER ESCAPE
Exploit Kibana 6.5.0 (CVE-2019-7609) for initial access, then mount the host filesystem to get root or exploit glusterfs (CVE-2018-1088) to escalate to root via a created cronjob.