-
Notifications
You must be signed in to change notification settings - Fork 553
Exploit: docker sock pwn
cdxy edited this page Feb 8, 2021
·
1 revision
通过本地docker.sock向宿主机部署后门容器,以完成控制宿主机的目标。
本脚本将控制宿主机的docker进程,拉取指定的后门镜像并运行,运行过程中镜像将宿主机的根目录/
挂载到容器内部的/host
目录下,便于通过后门容器修改宿主机本地文件(如crontab)来完成逃逸。
Deploy backdoor container to target host via local docker unix socket.
This script will dial docker daemon via local unix socket to run user-specified "backdoor" image with host root dir /
mounted to container /host
, then you can execute cmd inside the container and write payloads to host filesystem(e.g. /etc/crontab
) to escape.
See Also:
./cdk run docker-sock-pwn <sock_path> <shell_cmd>
# deploy image from dockerhub
./cdk run docker-sock-pwn /var/run/docker.sock "touch /host/tmp/pwn-success"