Last updated: 27 Apr 24 02:28:35 (UTC)

Docker Escape

HackTricks (general)

https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation


Capabilities

Check for them:

capsh --print

cap_sys_admin offers RCE on the host:

https://0xn3va.gitbook.io/cheat-sheets/container/escaping/excessive-capabilities
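Minimal images often ship without capsh, so the same check can be done by decoding the CapEff bitmask from procfs. The script below is an added example, not part of the original notes; the RISKY shortlist is an assumption to adjust, and the two sample masks are constructed (Docker's default capability set, and that set plus SYS_ADMIN).

```shell
#!/bin/sh
# Added example: decode a CapEff bitmask when capsh is not installed in the image.
# Capability names in bit order (bit 0 = cap_chown ... bit 40 = cap_checkpoint_restore).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore"

# Assumption: shortlist of capabilities outside Docker's default set to flag.
RISKY="sys_admin sys_module sys_ptrace sys_rawio dac_read_search net_admin bpf"

# decode_caps HEXMASK -> space-separated names of the capabilities set in the mask
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then out="$out cap_$name"; fi
        bit=$(($bit + 1))
    done
    echo "${out# }"
}

# risky_caps HEXMASK -> the subset of set capabilities that is on the RISKY list
risky_caps() {
    found=""
    for cap in $(decode_caps "$1"); do
        for r in $RISKY; do
            if [ "$cap" = "cap_$r" ]; then found="$found $cap"; fi
        done
    done
    echo "${found# }"
}

# Constructed sample masks: Docker's default set, and the same set plus SYS_ADMIN.
for sample in 00000000a80425fb 00000000a82425fb; do
    echo "$sample -> risky: [$(risky_caps "$sample")]"
done

# Live check of the current shell, read straight from procfs.
if [ -r "/proc/$$/status" ]; then
    live=$(awk '/^CapEff:/ {print $2}' "/proc/$$/status")
    echo "this shell: CapEff=$live risky: [$(risky_caps "$live")]"
fi
```

Run it inside the container being audited; an empty risky list for the live shell means none of the shortlisted capabilities are effective.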

Bonus: set up an environment vulnerable to cap_sys_admin:

docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined ubuntu bash

Additional: