HackTheBox - Shoppy is a HackTheBox easy linux machine created by lockscan. Had a injection which lead to broken authentication. with more injection we where able to leak admin credentials using which we can access mattermost on that we get ssh credentials and get access to box checking sudo -l we see password manager can be ran as user deploy getting the password we can get deploy user shell password. As deploy user we are in docker group using which we can get root on the box.
