Pentester Academy: Weakest Link

Initial login
Containers Available
Adding the root to the container
Showing both systems access
Grabbing the flag from the host file system
  1. A weak credential being used on the Portainer GUI
  2. No protections for brute-force dictionary attacks
  3. No restrictions to access resources on the host machine
  4. No logging or monitoring to find this abusive behavior

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ArtilleryRed

ArtilleryRed

21 Followers

Cyber Enthusiast and sharing some knowledge in a systematic way