This lab simulates a scenario where a Linux server has been compromised by an attacker. The attacker gains an initial foothold by exploiting a known CVE (Common Vulnerabilities and Exposures entry) in the system. Using this vulnerability, the attacker is able to gain access to a Docker container running on the server. From within the container, the attacker performs a Docker escape to break out of the container’s isolated environment and gain access to the underlying host system. Once the attacker has shell access to the host system, they escalate privileges to root and establish persistence through multiple techniques to maintain access.
- Initial Access: Investigate how the attacker exploited a CVE to gain initial access to the system.
- Privilege Escalation (Docker Compromise): Identify how the attacker gained access to a Docker container.
- Docker Escape: Analyze how the attacker escaped the Docker container to access the host system.
- Post-Escape Privilege Escalation: Investigate how the attacker escalated privileges to root on the host system.
- Persistence Mechanisms: Examine how the attacker maintained access through persistence techniques like cron jobs and SSH keys.
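The persistence objective above (cron jobs and SSH keys), as an added triage script that is not part of the lab materials: it walks an extracted or mounted copy of a Linux volume dump, lists every cron entry and every authorized SSH key, and flags scheduled commands that reference locations such as /tmp. The root directory layout, the heuristic pattern and the sample tree are assumptions constructed for illustration, not the lab's real evidence.

```python
# Added example (not part of the lab): inventory cron jobs and SSH authorized_keys in a volume dump.
import re
import tempfile
from pathlib import Path

CRON_PATHS = ["etc/crontab", "etc/cron.d", "etc/cron.hourly", "etc/cron.daily",
              "var/spool/cron", "var/spool/cron/crontabs"]
# Heuristic: scheduled commands touching these are worth a closer look (not proof of compromise).
SUSPICIOUS = re.compile(r"/tmp/|/dev/shm/|\bcurl\b|\bwget\b|base64 -d|/dev/tcp/")

def _entries(path):
    """Yield (line_no, text) for non-blank, non-comment lines of a file."""
    for n, raw in enumerate(path.read_text(errors="replace").splitlines(), 1):
        s = raw.strip()
        if s and not s.startswith("#"):
            yield n, s

def triage(root):
    """Return one record per cron entry and per authorized SSH key found under root."""
    root, found, files = Path(root), [], []
    for rel in CRON_PATHS:  # system crontab, drop-in directories and per-user spools
        p = root / rel
        files += [f for f in ([p] if p.is_file() else sorted(p.glob("*"))) if f.is_file()]
    for f in files:
        for n, entry in _entries(f):
            found.append({"type": "cron", "path": str(f.relative_to(root)), "line": n,
                          "entry": entry, "suspicious": bool(SUSPICIOUS.search(entry))})
    homes = [root / "root"]  # root's home plus every directory under /home
    if (root / "home").is_dir():
        homes += [h for h in sorted((root / "home").iterdir()) if h.is_dir()]
    for home in homes:
        ak = home / ".ssh" / "authorized_keys"
        if ak.is_file():
            for n, entry in _entries(ak):
                parts = entry.split()  # key type, base64 blob, optional comment
                found.append({"type": "ssh_key", "path": str(ak.relative_to(root)), "line": n,
                              "keytype": parts[0], "comment": " ".join(parts[2:])})
    return found

def build_sample_dump():
    """Constructed stand-in for an extracted volume dump; not the lab's real evidence."""
    root = Path(tempfile.mkdtemp())
    for d in ("etc/cron.d", "root/.ssh", "home/deploy/.ssh"):
        (root / d).mkdir(parents=True)
    (root / "etc/crontab").write_text("# system crontab\n17 * * * * root run-parts /etc/cron.hourly\n")
    (root / "etc/cron.d/backup").write_text("*/5 * * * * root /bin/sh /tmp/.cache.sh\n")
    (root / "root/.ssh/authorized_keys").write_text("ssh-ed25519 AAAAC3constructed== unknown-host\n")
    (root / "home/deploy/.ssh/authorized_keys").write_text("ssh-rsa AAAAB3constructed== deploy@ci\n")
    return root
```

Point `triage()` at the directory where the volume dump is mounted or extracted; every record carries the path and line number so a finding can be tied back to the evidence file.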
You will get access to all the evidence collected from the breached server.
Password: threatbreach.io
| Link To Evidence | SHA256 |
|---|---|
| Tb-Prod-Server-02-volume_dump.img.tar.gz | f30df45eceb2eaf3adcc6a12ab9aa344bd912ed6321b1a8a0175bf3edc37c5db |
| 1d2bfbeb9546_grav-cms_1.7_1_0.tar | 83aaebcb277d20a7ac8540f0e94c6b745d1517e7c994e61fe65ab4fed6290649 |
A writeup will be published soon. If you want your writeup to be evaluated, send it to labs[@]threatbreach.io.