Skip to content

flast101/docker-privesc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

102 Commits

docs

docs

 
 

README.md

README.md

 
 

docker-privesc.sh

docker-privesc.sh

 
 

userns-remap.sh

userns-remap.sh

 
 

Repository files navigation

Abusing Docker Configuration: Privesc Script

Read full article: https://flast101.github.io/docker-privesc

docs/docker.png

Requirements:

  • Access to a shell on the target with a user that can run Docker.
  • The target should have either an internet connection or an image installed in Docker. Use docker images to check and change the "alpine" image accordingly. If there is no image go to https://hub.docker.com to get one (tar.gz file with its Dockerfile) and upload it on the target in your working directory.

Usage example:

privesc.png

Mitigation

By default, the process is run as root in the container:

nomitig.png

Applying the mitigation, we can get rid of this problem. The user "dockremap" is now running the process:

mitig.png

Be Curious, Learning is Life ! 😃

About

Privilege escalation in Docker

Topics

docker vulnerability root-privileges privilege-escalation docker-daemon mitigation docker-configuration privilege-escalation-exploits docker-privilege docker-privilege-escalation

Resources

Readme
Activity

Stars

27 stars

Watchers

1 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages