Exploit: docker sock check
Checks whether a user-specified Docker unix socket file is available for exploit. In container-in-container deployments such as Docker In Docker (a.k.a. DIND), admins often mount the host's docker.sock into the container (usually at /var/run/docker.sock). Finding docker.sock inside a container means we can control the Docker process on the host: commands can be sent directly to the Docker daemon through this unix socket, and a backdoor image can be deployed on the host to complete the escape. API Ref: https://docs.docker.com/engine/api/v1.24/#31-containers
This script tries to connect to the Docker API through the specified socket file and returns the host's Docker runtime information (meta-info from the Docker daemon) to check whether the API is available.
./cdk run docker-sock-check <sock-path>
./cdk run docker-sock-check /var/run/docker.sock
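The same read-only check works as an audit inside your own containers to find workloads that expose the host socket. The Go sketch below is an added example, not CDK's source; `CheckDockerSock` and `DaemonInfo` are hypothetical names, and it assumes the daemon answers the Engine API `GET /info` request on the socket.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"os"
	"time"
)

// DaemonInfo keeps a few fields of the Engine API GET /info response.
type DaemonInfo struct {
	Name, ServerVersion, OperatingSystem string
}

// CheckDockerSock (hypothetical name) sends one read-only GET /info to the
// daemon behind sockPath; it creates, starts or changes nothing.
func CheckDockerSock(sockPath string) (*DaemonInfo, error) {
	if fi, err := os.Stat(sockPath); err != nil || fi.Mode()&os.ModeSocket == 0 {
		return nil, fmt.Errorf("%s is missing or not a unix socket (stat: %v)", sockPath, err)
	}
	client := &http.Client{Timeout: 3 * time.Second, Transport: &http.Transport{
		// The URL host is a placeholder; every request dials the unix socket.
		DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, "unix", sockPath)
		},
	}}
	resp, err := client.Get("http://docker/info")
	if err != nil {
		return nil, fmt.Errorf("socket present but daemon unreachable: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %s", resp.Status)
	}
	var info DaemonInfo
	err = json.NewDecoder(resp.Body).Decode(&info)
	return &info, err
}

func main() {
	if info, err := CheckDockerSock("/var/run/docker.sock"); err != nil {
		fmt.Println("ok: no usable Docker socket in this container:", err)
	} else {
		fmt.Printf("FINDING: host Docker daemon reachable from container: %+v\n", *info)
	}
}
```

A FINDING line means the workload should lose the docker.sock mount or be moved behind a restricted API proxy.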