DockingStation

By Yaakov Cohen

DockingStation

We connected to the server, and after poking around a bit we saw that they left docker.sock opened. Let's see what info we can get.

Running curl --unix-socket /var/run/docker.sock http/containers/json?all=1 gaves us a list of 4 containers. Only the first one was relevant:

 

Since the system was read-only we ran the next step from our command line:

 

The long number is the Id of the container we are trying to extract, galf is flag in reverse.

After the file finished downloading we extracted it and found a bash script named galf.sh:

 

In /home/flag_is_here we found flag.txt: BSidesTLV{i_am_r34dy_t0_esc4p3_th3_d0ck3r!}

Success