About

Hacker Blogs is one of the Information security blogs covering security domains.I'm a cybersecurity enthusiast! I'm working as an IT Security Engineer for a company in The India. I love writing scripts and doing research and pentesting. As a big fan of Hack The Box, I share my write-ups on this blog. I'm blogging because I like to summarize my thoughts and share them with you. Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s,when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting,

15 May 2021

Ready

by Aju ALex

Ready is a medium difficulty Linux machine. A vulnerable version of GitLab server leads to a remotecommand execution, by exploiting a combination of SSRF and CRLF vulnerabilities. Bad permission on abacked up configuration file of the Gitlab server, reveals a password that is found to be reusable for theuser root, inside a docker container. After root access is acquired, escaping the container is possible sinceit is running in privileged mode.

Skills learned

SSRF & CRLF Attacks
Docker Escape

back