Exploiting GitLab 11.4.7 & Escaping a Privileged Docker Container - Ready @ HackTheBox
We are going to solve Ready, a 30-point machine on HackTheBox. For user, we exploit the “Import Repo by URL” feature in GitLab to SSRF into Redis and add a background job, which then gives us a reverse shell. For root, we can mount the host filesystem into our privileged Docker container.
This post is licensed under CC BY 4.0 by the author.