advent-of-cyber-2025

Room Link:
https://tryhackme.com/room/container-security-aoc2025-z0x3v6n9m2

▶️ David Ackerman – Day 14 Video Walkthrough

Official walkthrough for quick onboarding:

🔗 YouTube Link:
https://youtu.be/600aXKJ9oJ8?si=0CDEHOLW-L1i_LqB

🎄 Advent of Cyber 2025 — Day 14 Write-Up

🧩 Containers — DoorDasher’s Demise

✅ Challenge Answers

1️⃣ What exact command lists running Docker containers?

docker ps

docker ps

🌐 Defaced Website

defaced website

2️⃣ What file is used to define the instructions for building a Docker image?

Dockerfile

3️⃣ What’s the flag?

enter container

docker access

At this point, it’s clear the container has access to the Docker socket:

/var/run/docker.sock

This is a critical misconfiguration.

docker exec verified

Why this is dangerous:

In a secure Docker setup, containers cannot run Docker commands.

Access to /var/run/docker.sock allows interaction with the host Docker daemon.

The Docker daemon runs as root, meaning container access → host-level control.

This results in a Docker escape.

flag

THM{DOCKER_ESCAPE_SUCCESS}

🛠️ Recovery Status

site recovered

🎁 Bonus Question

There is a secret code inside the news site running on port 5002.
This code is also the password for the deployer user — a serious security mistake.

bonus secret

DeployMaster2025!