Skip to content

Exploit: mount disk

cdxy edited this page Nov 24, 2020 · 1 revision

Exploit: mount-disk

自动化逃逸有设备操作权限的容器。常用于逃逸特权容器。

该脚本将自动化识别当前容器内的挂载情况,并将宿主机的物理磁盘挂载到容器中,从而使容器中可以编辑宿主机文件(如修改宿主机的/etc/crontab)完成逃逸。

Automated escape container which have privilege to manage host device, especially for escape privileged containers.

This exploit will first gather host device information then mount disk to container, so you can escape container by overwriting host files such as /etc/crontab.

Usage

./cdk run mount-disk

Example

测试案例

  1. 宿主机以特权模式启动容器,尝试在该容器内部通过本脚本逃逸。docker run -v /root/cdk:/cdk --rm -it --privileged ubuntu bash
  2. 容器内部执行 ./cdk run mount-disk
  3. 在容器内部进入挂载目录,直接管理宿主机磁盘文件。

Testing Case

  1. run a privileged container in host docker run -v /root/cdk:/cdk --rm -it --privileged ubuntu bash, try to escape this container using CDK.
  2. attach into the container and execute ./cdk run mount-disk
  3. cd to mounted dir, manipulate host disk files directly.

Clone this wiki locally