Command Injection, Prototype Pollution & Kubernetes - Unobtainium @ HackTheBox
This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API endpoint. Combining a command injection & prototype pollution will then lead to a first shell on a container. For root, we pivot onto a development container & use a token we find there to query Kubernetes for secrets. This leads to an admin token which we can use to spawn a privileged container & then escape it by mounting the host filesystem
Resources
This post is licensed under CC BY 4.0 by the author.