Exploiting Cluster Secrets

In this scenario we will see how we will exploit an application to access docker swarm cluster secrets.

  • The application running in the CTF VM has code execution vulnerability http://CTFVMIP:8080/?domain=;id and is running in docker swarm with secrets attached