Librarium
Settings

Hamlet TryHackMe Walkthrough & Docker Container breakout Privilege escalation

CTF Security
dockerescapeprivilege escalationpythonwebanno

Hamlet is a CTF room that challenges learners to find their way through a system. On a high level, this Shakespeare/Hamlet-inspired room allows learners to explore an uncommon web application used in linguistic/NLP research (WebAnno). Cleverly exploiting some misconfigurations, the learners gain access to a Docker container from which they eventually have to escape in order to get full access to the underlying system. Aside from this main path, the system also contains some additional services to explore and experiment with.

TOPICS COVERED Navigate and exploit specialized and uncommon software (WebAnno).

Creatively leverage the intended capabilities of an application in an attack.

Create custom wordlists from websites.

Leverage PHP web shells.

SUID Linux privilege escalation.

Escape from a Docker container that runs --privileged.

Decrypting yescrypt hashes.

Exploiting ufw enabled machine in conjunction with Docker.

RESOURCES Hamlet room https://tryhackme.com/room/hamlet

Official writeup https://github.com/IngoKl/THM-Hamlet

Additional resources https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation

https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/

https://pentestmonkey.net/tools/web-shells/php-reverse-shell

https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

TOOLS Nmap netcat Burpsuite php-reverse-shell cewl JohnTheRipper

SUPPORT CTF-SEC ON OTHER SOCIAL MEDIA Patreon: https://www.patreon.com/computertechforum YouTube https://m.youtube.com/channel/UCMq4uUwcWnYgfe3z5w3Kt7A

Buy me a coffee https://paystack.com/pay/olajeedae

00:00 Introduction 02:08 Editing /etc/hosts file 05:26 (Flag 1) /robot.txt 06:15 Scanning the web server nmap 08:00 Accessing Anonymous FTP 10:16 (Flag 2) Connecting to port 501 14:30 Accessing proxy server 14:55 Bypassing Web Annotations login page 29:23 Enumerating users 30:08 Changing Ophelia Password 32:20 (Flag 3) Ophelia FTP Login 34:43 Uploading php reverse shell 38:02 Gaining a reverse shell 40:10 Enmerating for SUID Binary 42:38 Cracking etc/shadow root hash 46:05 (Flag 4 & 5) root directory 48:39 (Micheal's password) 49:12 Docker Container breakout 56:21 (Flag 6) Root

#hamlet #WebAnno #Docker #DockerBreakout #DockerEscape #Privesc #Enumeration #EthicalHacking #SUID #Shakespeare #WebApp #Bypass #yescript #remoteshell #ctfsec ... https://www.youtube.com/watch?v=B-QLZwSrAWA

2024-07-24
0.0 LBC
Copyrighted (contact publisher)

260598265 Bytes