
PBQ 5: Container Security - Docker Privilege Escalation & Escape

Docker Privilege Escalation & Host Compromise

Scenario

During an internal penetration test, you gain shell access to a Docker container running as part of the organization's microservices architecture.

Container Environment:
- Container ID: c8f3d91e4a2b
- Base Image: ubuntu:20.04
- Running User: root (inside container)
- Host OS: Ubuntu 22.04 LTS
- Docker Version: 24.0.7

Initial Enumeration Results:
- Container is running in privileged mode
- Host filesystem potentially accessible via /host mount
- Docker socket mounted at /var/run/docker.sock
- CAP_SYS_ADMIN capability detected

Your Goal: Escape the container to gain access to the underlying host system.

Phase 1: Enumeration
Check if running in privileged mode
Phase 2: Enumeration
Identify if Docker socket is accessible
Phase 3: Exploitation
Exploit Docker socket to spawn privileged container with host filesystem
Phase 4: Exploitation
Exploit privileged mode using cgroup release_agent
Phase 5: Exploitation
Mount host filesystem using privileged capabilities
Phase 6: Post-Exploitation
Establish persistence on the host
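
Seen from the host side, every finding in the scenario's enumeration results is visible in docker inspect output, so it can be flagged before deployment. The audit below is an added example, not part of the original exercise; the sample record is constructed from the scenario's values, and the bind mount of / at /host is an assumed reading of the "/host mount" finding.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output, built from
# the scenario's values; the "/" -> "/host" bind mount is an assumption.
SAMPLE_INSPECT = json.dumps([{
    "Id": "c8f3d91e4a2b",
    "Config": {"User": "", "Image": "ubuntu:20.04"},
    "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"]},
    "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True},
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
    ],
}])

RISKY_CAPS = {"SYS_ADMIN", "ALL"}


def audit_container(c):
    """Return the list of escape-relevant findings for one inspect record."""
    findings = []
    host_cfg = c.get("HostConfig") or {}
    if host_cfg.get("Privileged"):
        findings.append("privileged mode enabled")
    # CapAdd is null when nothing was added; names may carry a CAP_ prefix.
    caps = {cap.upper().replace("CAP_", "", 1) for cap in host_cfg.get("CapAdd") or []}
    for cap in sorted(caps & RISKY_CAPS):
        findings.append(f"capability added: {cap}")
    for m in c.get("Mounts") or []:
        src = m.get("Source", "")
        mode = "rw" if m.get("RW") else "ro"
        if src.endswith("docker.sock"):
            findings.append(f"Docker socket mounted ({mode})")
        elif m.get("Type") == "bind" and src == "/":
            findings.append(f"host root bind-mounted at {m.get('Destination')} ({mode})")
    # An empty Config.User means the process runs as root inside the container.
    user = (c.get("Config") or {}).get("User", "")
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("runs as root inside the container")
    return findings


def audit(inspect_json):
    """Map short container ID -> findings for every record in the JSON array."""
    return {c["Id"][:12]: audit_container(c) for c in json.loads(inspect_json)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_INSPECT), indent=2))
```

A container that drops the privileged flag, adds no capabilities, mounts neither the socket nor the host root, and runs as a non-root user returns an empty findings list.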