HackTheBox - Runner

🔐 HackTheBox Walkthrough: Runner | Medium Difficulty | Linux 🐧

In this video, I'll take you through the exploitation of the Runner machine on HackTheBox, a medium-difficulty Linux box packed with real-world vulnerabilities and challenges.

🏃‍♂️ The journey begins with leveraging a vulnerability in TeamCity (CVE-2023-42793), allowing us to bypass authentication and extract an API token. This token opens the door to debug features that let us execute system commands. By accessing the TeamCity Docker container, we compress HSQLDB database files, extract credentials for one user, and find an SSH private key for another. After cracking the key's password, we gain access to the host filesystem.

🔍 While exploring, we discover a Portainer instance running on a subdomain. With the user's credentials, we authenticate and find a way to create images, although our privileges are limited. By checking the version of "runc" on the host, we exploit a vulnerability (CVE-2024-21626) that allows us to escape the container and gain root access through the Portainer's image build function.

💻 Finally, we create a SUID bash file on the mounted host filesystem, granting us a root shell and full control over the system.

If you're passionate about cybersecurity, CTF challenges, or just want to hone your ethical hacking skills, this walkthrough is for you! Don't forget to like, subscribe, and hit the notification bell for more deep dives into HackTheBox machines! 🔔

#CyberSecurity #HackTheBox #EthicalHacking #Linux #PenTesting #TeamCity #Portainer #VulnerabilityExploitation #CTFWalkthrough #InfoSec #RedTeam #RootAccess #DockerSecurity