

Dockerlabs - Injection
Injection
โ๏ธ Introduction
We will solve the Injection machine from Dockerlabs, which will allow us to achieve the following learning objectives:
โขUsing SQL injection to exploit vulnerabilities in web pages.
โขEscalate privileges using binaries.
๐ Initial Scan
First, we will deploy the machine with Docker and obtain the target machineโs IP address.
We will use Nmap to scan open ports and gather information about them.
The scan results show two open ports: port 22 (SSH) and port 80 (HTTP).
We open the browser and see a login page.
๐ SQL Injection
We tried different common usernames and passwords to gain access, but were unsuccessful.
So, we attempted to inject SQL code to bypass the security. We enter the following code: โ or 1=1 โ
After the SQL injection is successful, we log in and see the user โdylanโ and his password
๐ SSH Access
We go to the console to try accessing via SSH with the obtained credentials.
We successfully logged in, but we are still not the root user.
๐ Privilege Escalation
We need to escalate privileges, so we check if the user can execute commands or has root privileges.
We see that there are different SUID files with root privileges. In this case, we will use /env.
๐ฃ Exploitation
We will take advantage of this to escalate privileges using the gtfobins page, which provides a command to exploit the execution of the env binary.
After running the command, we get a shell, and upon checking, we see that we are now the root user.
๐ Conclusion
Through this process, we successfully completed the Injection machine challenge from Dockerlabs. Using SQL injection and binaries, we have gained full access to the machine. It is a simple machine designed to help learn how to use SQL injection and search for SUID files, allowing us to better understand how to exploit common system vulnerabilities.
โ Back to Write Ups