Exploit: docker sock pwn

Exploit: docker-sock-pwn

通过本地docker.sock向宿主机部署后门容器，以完成控制宿主机的目标。

本脚本将控制宿主机的docker进程，拉取指定的后门镜像并运行，运行过程中镜像将宿主机的根目录/挂载到容器内部的/host目录下，便于通过后门容器修改宿主机本地文件(如crontab)来完成逃逸。

Deploy backdoor container to target host via local docker unix socket.

This script will dial docker daemon via local unix socket to run user-specified "backdoor" image with host root dir / mounted to container /host, then you can execute cmd inside the container and write payloads to host filesystem(e.g. /etc/crontab) to escape.

Usage

./cdk run docker-sock-pwn <sock_path> <shell_cmd>

Example

# deploy image from dockerhub
./cdk run docker-sock-pwn /var/run/docker.sock "touch /host/tmp/pwn-success"

png

Search code, repositories, users, issues, pull requests...

Exploit: docker sock pwn

Exploit: docker-sock-pwn

Usage

Example

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally