By: Tomi Engdahl

Tomi Engdahl — Mon, 24 Aug 2020 12:16:59 +0000

Escaping out of a docker container by circumventing an ad-hoc reverse proxy that was supposed to prevent abuse of “docker.sock” file exposure.

A Tale of Escaping a Hardened Docker container
https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-container/

By: Tomi Engdahl

Tomi Engdahl — Tue, 15 Jan 2019 13:08:41 +0000

THREAT RESEARCH BLOG POST
How I Hacked Play-with-Docker and Remotely Ran Code on the Host
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/

Play-with-Docker (PWD), Docker’s playground website, allows beginners to run Docker commands in a matter of seconds. Built on a number of hosts with each running multiple student’s containers, it’s a great place to learn Docker. PWD provides the experience of having a free Alpine Linux virtual machine in a web browser where students can build and run Docker containers and experience Docker firsthand without having to first install and configure it.

This unique offering was warmly welcomed by DevOps practitioners with more than 100,000 total monthly site visits, where Docker tutorials, workshops and training are also available. The initiative was an effort originated by Marcos Nils and Jonathan Leibiusky, aided by the Docker community and sponsored by Docker.

CyberArk Labs set out to try and escape the mock container in an effort to run code on the Docker host.

The impact of container escape is similar to escape from a virtual machine, as both allow access to the underlying server.

Comments on: Escape Docker Container Using waitid() | CVE-2017-5123 | Twistlock

By: Tomi Engdahl

By: Tomi Engdahl