New York Flankees TryHackMe Walkthrough | Medium

In this video we are hacking into tryhackme's new ctf challenge - NewYorkFlankees. In this video we will use oracle padding attack to decrypt the blob and get login creds for admin panel on port 8080, then we will upload a reverse shell on the box and gain that initial access on the box in a docker container, we will see 2 ways we can get the reverse shell, and at last we will escape docker container and gain access to the main host using - Mounted Docker Socket Escape as we have write perms on docker socket. Hope you'll learn something new. 🙏🚀❤️

[ tryhackme - https://tryhackme.com/r/room/thenewyo... ]

⭐️ Video Contents ⭐
⌨️ 0:00 ⏩ Intro
⌨️ 0:11 ⏩ Starting CTF (Initial Enumeration)
⌨️ 4:44 ⏩ Oracle Padding Attack
⌨️ 8:44 ⏩ Getting a reverse shell
⌨️ 15:42 ⏩ Escaping docker container
⌨️ 23:16 ⏩ Final POVs

Follow me on social media:
●   / hoodietramp  
●   / hoodietramp  

Blog:
● https://blog.h00dy.me

Github:
● https://github.com/hoodietramp

Mastodon:
● https://mastodon.social/@h00dy
● https://defcon.social/@h00dy
● https://infosec.exchange/@h00dy

Join 345y🛸:
●   / discord  

Support This Tramp!
Donations are not required but are greatly appreciated!
💸BuyMeACoffee: https://buymeacoffee.com/h00dy

#tryhackme #ctf #boot2root #redteam #walkthrough #pentesting