Legal, encouraged and rewarded. Bug bounty programs allow hackers doing these kind of explorations. Although most programs advise you not to do anything once you get code execution as it might break things on production, so the final part where they started intercepting traffic might not be something I would do, but they took a calculated risk, that this is is docker container that does no critical work and it would be interesting to see if we could break out of it. So that's fine.
You can read up more of such reports at hackerone.com/hackitivity or just searching about bug bounty writeups for X organization
pgo|5 years ago
You can read up more of such reports at hackerone.com/hackitivity or just searching about bug bounty writeups for X organization
jacobr1|5 years ago
neop1x|5 years ago
"Page not found
The page you are looking for does not exist. "