A detailed CTF walkthrough for the TryHackMe 'ContainMe' challenge covering a full attack chain: exploiting an unsanitized PHP command injection via passthru() to get RCE as www-data, abusing an obfuscated UPX-packed SUID binary with a trivial password to escalate to root on host1, stealing SSH keys to pivot into a second LXD container, dumping plaintext MySQL credentials, and using password reuse to gain root on host2. Each exploitation step is paired with concrete defensive mitigations including escapeshellarg(), SUID auditing, bcrypt password hashing, and container network segmentation.
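As an added illustration (not code from the walkthrough or the challenge), here is the bug class behind the initial access step next to the fix the summary names: a PHP endpoint that hands a request parameter straight to passthru(), and a hardened version that validates the value and wraps it with escapeshellarg(). The parameter name `host` and the ping command are assumptions, not details from the challenge.

```php
<?php
// Added example, not from the walkthrough. Assumed: a GET parameter "host"
// and a ping-style command; the real application will differ.

// VULNERABLE: the raw parameter is spliced into the command string, so any
// shell metacharacters in "host" are interpreted by the shell that passthru()
// spawns. This is the class of flaw that yields code execution as www-data.
function ping_vulnerable(string $host): void
{
    passthru("ping -c 1 " . $host);
}

// HARDENED: reject anything that is not an IPv4 literal or a hostname before
// it reaches the shell, then quote the value with escapeshellarg() so it is
// always passed as a single argument even if the validation is later relaxed.
function ping_hardened(string $host): void
{
    $isIp   = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    $isName = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isName) {
        http_response_code(400);
        echo "invalid host\n";
        return;
    }
    passthru("ping -c 1 " . escapeshellarg($host));
}

// Only the hardened path is wired to the request.
ping_hardened($_GET['host'] ?? '');
```

Running the web server process under a dedicated low-privilege account and auditing SUID binaries, as the summary notes, limits what a successful injection can reach even when the application-level fix is missing.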
Table of contents

- Phase 2: Initial Access — Command Injection
  - Confirming Injection
  - Getting a Reverse Shell