SQLi, SSTI & Docker Escapes / Mounted Folders - HackTheBox University CTF "GoodGame"

Published 2022-02-03
Join HackTheBox and start rooting boxes! j-h.io/hackthebox
Find some tips and tricks on their blog! j-h.io/htb-blog

All Comments (21)
  • @znation4434
    John: Literally shows the first docker escape I've ever seen Also John: "Wow I'm a dumbo"
  • @chillmechanic11
    When you didn't see the output for 22 port, it was because of your command. You did '> /dev/null' which made the successful results go to null. What was needed is this: '2> /dev/null'
  • @relix12
    Even though I can understand each step taken individually I wouldn't be able to string them together with my current skillset, but I did find solace in the fact that I had previously run into and solved the bash -p hiccup. (*Insert Leonardo pointing meme here* The bash -p issue I ran across previously!)
  • @sannyboi7298
    Awesome video. Love your energy, your passion comes through and it’s contagious.
  • @Logan_144
    yo btw Thought I would just say, I recently found your channel and with every video I watch I learn something new, interesting, or another way of doing something I never even thought of! I love your content and I am pretty sure I will be a consistent viewer from now on. Keep up the great work John! :D
  • I can’t believe how it only has one star of difficulty. I could never get that far
  • @zacharycook8179
    just wow man.. watching you do this is so satisfying. So inspiring. WE. WANT. MORE!!!!!!!!
  • @debarghyamaitra
    man the privesc was insane!! I didn't know that technique. Thanks John,
  • @HundleBundle47
    "We're root supposedly....but we're supposed to be user. Did we skip that?!" John out here too good for these level 1 boxes haha
  • @roguishowl3915
    Just started CTF and I love the challenges, my work is mind numbing, so these challenges are a great way to spend the remainder of my work day.
  • @r34w0lf
    that was a cool privesc. learnt a lot from this video. thanks!
  • @comradedad
    You are a master at your craft. Awesome video.
  • @Donder1337
    Dude this is insane man, never thought it would be this easy.......
  • @R3APERSW4G
    mounted file systems are dangerous, that was fun to watch!
  • @TurtlesWrath
    4:30 "People are all excited about Battlefield" That didn't age well...