Exploiting Gitlab 11.4.7 & Escaping a Privileged Docker Container - Ready on HackTheBox

We are going to solve Ready, a 30-point machine on HackTheBox. For user, we exploit the "Import Repo by URL" Feature in Gitlab to SSRF into Redis and add a background job which then gives us a reverse shell. For root, we can mount the host filesystem into our privileged docker container. Join the discord: https://discord.gg/qdbJqXKPQ3 ! [ Timestamps ] 00:00 Intro 00:21 User 04:19 Root [ Notes & Links ] • https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ • https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout [ Desktop ] • https://github.com/xct/kali-clean [ About ] • https://vulndev.io • https://twitter.com/xct_de • https://github.com/xct • https://www.patreon.com/xct This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.

Category