This box contained authentication bypass using NoSQL injection which led to credentials disclosure then vhost enum gave me a subdomain where those creds were used to get user flag, reverse engineering and docker priv esc was involved to get to root.

Here's buymeacoffee link if you want to support this channel: https://www.buymeacoffee.com/njmulsqb

If you have any queries regarding this box, Reach me at: Email: njmulsqb@protonmail.com Here's my social media: Mastodon: https://www.infosec.exchange/@cyberso... LinkedIn: https://www.linkedin.com/in/njmulsqb GitHub: https://www.github.com/njmulsqb