This is a challenge in which we need to discover two networks.

• The first Docker container is public-facing.
• The second Docker container is on a private network behind this public-facing node.
• The concept is that we need to compromise the first host and then ‘Pivot’ to the second host.

The first step is to craft a reverse shell with no trickery involved.

Open up Kali Linux, take note of the IP Address, and set up a netcat listener

ifconfig
nc -lvnp 9001

Go to:

<http://revshells.com>

Craft a PHP PentestMonkey shell using the correct IP Address and Port

Paste it into a file called evil.php (or something!)

Upload it to the site, browse to the uploaded file, and you see a reverse shell connection established with the netcat listener set up earlier.

If we do ls / We’ll see that there is a folder called private_key

If we look inside, we’ll see id_rsa and id_rsa.pub