Pentester Academy: Weakest Link

Initial login
Containers Available
Adding the root to the container
Showing both systems access
Grabbing the flag from the host file system
  1. A weak credential being used on the Portainer GUI
  2. No protections for brute-force dictionary attacks
  3. No restrictions to access resources on the host machine
  4. No logging or monitoring to find this abusive behavior

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
ArtilleryRed

ArtilleryRed

Cyber Enthusiast and sharing some knowledge in a systematic way