Dockerlabs - Injection Dockerlabs - Injection

Dockerlabs - Injection

Injection

โœŒ๏ธ Introduction

We will solve the Injection machine from Dockerlabs, which will allow us to achieve the following learning objectives:

โ€ขUsing SQL injection to exploit vulnerabilities in web pages.

โ€ขEscalate privileges using binaries.

๐Ÿ”Ž Initial Scan

First, we will deploy the machine with Docker and obtain the target machineโ€™s IP address.

Deploy MAchine

We will use Nmap to scan open ports and gather information about them.

The scan results show two open ports: port 22 (SSH) and port 80 (HTTP).

Initial Scan

We open the browser and see a login page.

Default Apache

๐Ÿ“ SQL Injection

We tried different common usernames and passwords to gain access, but were unsuccessful.

Results Gobuster

So, we attempted to inject SQL code to bypass the security. We enter the following code: โ€™ or 1=1 โ€”

After the SQL injection is successful, we log in and see the user โ€˜dylanโ€™ and his password

Results Gobuster

๐Ÿ‘Š SSH Access

We go to the console to try accessing via SSH with the obtained credentials.

We successfully logged in, but we are still not the root user.

Results Gobuster

๐Ÿ”‘ Privilege Escalation

We need to escalate privileges, so we check if the user can execute commands or has root privileges.

We see that there are different SUID files with root privileges. In this case, we will use /env.

Results Gobuster

๐Ÿ’ฃ Exploitation

We will take advantage of this to escalate privileges using the gtfobins page, which provides a command to exploit the execution of the env binary.

Results Gobuster

After running the command, we get a shell, and upon checking, we see that we are now the root user.

Results Gobuster

๐Ÿ Conclusion

Through this process, we successfully completed the Injection machine challenge from Dockerlabs. Using SQL injection and binaries, we have gained full access to the machine. It is a simple machine designed to help learn how to use SQL injection and search for SUID files, allowing us to better understand how to exploit common system vulnerabilities.


โ† Back to Write Ups