https://chiefdennis.github.io/tags/docker-escape/Recent content in Docker Escape on Chief Dennis' BlogHugoenMon, 10 Jun 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_runner/Mon, 10 Jun 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_runner/<p><img src="https://chiefdennis.github.io/posts/htb_runner/Scr_29.png#center" alt="image"></p> <p>The Runner HTB machine is a medium difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code>- Subdirectory discovery with ffuf - CVE-2024-27198 - Hash cracking with JohnTheRipper - Docker escape - CVE-2024-21626 </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.13 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>