Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API 20,000$ Bounty

Microsoft Stating that Production data can be uploaded to the sandboxed environment

Steps To Reproduce the Remote Code Execution on Dynamics Container Sandbox:

Docker Remote API Provides information about running container(s).

Save the file with the extension of .ps1

Getting ready for Reverse Shell connections
A successful operation of exec endpoint will provide output of an ID that we will use in the next step to initiate the command on the container. Keep this ID.
The Output from the Curl command used to download the reverse shell. this output means that the payload was downloaded successfully to the container into C:\\Run\\script.ps1
After the Start endpoint was hit, I Immediately received a connection to my C&C server from the Dynamics Container Sandbox.

--

--

--

Penetration Tester @eBay

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Responding to AWS Abuse Alerts

MITRE ATT&CK

KuCoin is pleased to announce that Sentinel DVPN is listed on their trading platform, on the 27th…

KABN Presents: Digital Identity 2020 — The evolving digital identity landscape

GAL Early Adopters Rewards

[Announcement] RCG to be listed on Bibox

Pwning FortiSIEM: from CVE-2019–16153 to infrastructure compromise

Quark on an Android malware: how good was it? My opinion!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chen Cohen

Chen Cohen

Penetration Tester @eBay

More from Medium

Understanding Distributed Tracing

Testing WebSockets for Vulnerabilities {Part-1} The Basics.

Smag-Grotto CTF Walkthrough