In this short video I'm showing how to use Docker to locally prepare and test exploits for CTF challenges.
This is not a typical writeup! The priority is to explain in more detail the vulnerabilities and the tools that can be used to solve similar tasks.
In this video you can learn what Docker is, how to run the Dockerfile provided by CTF authors, how to search for vulnerabilities in a Docker image, how to exploit a popular vulnerability in the EJS templating engine, and how to deal with blind RCE and still get the flag.
#capturetheflag #writeup #remotecodeexecution #docker #dockerfile #dockercompose #rce #ctf #vulnerability #webhooksite #blindrce #nodejs #node #express #expressjs
00:00 Intro
00:13 Challenge description
00:42 What is Docker?
01:34 Dockerfile and docker-compose.yml
03:05 Running it locally
03:45 Docker Scan
04:33 Challenge code overview
05:18 Writing an exploit
06:29 JSON Cookie?
07:25 Crafting final payload
07:52 Blind RCE and webhook.site
08:21 Getting the flag
Hand Drawn icons created by Freepik - Flaticon
Music:
Goat's Skull - Verified Picasso
El Secreto - Yung Logos