Docker Escape / Breakout
Tools
Docker breakout:
Mounted Docker UNIX socket.
Reachable Docker network socket (on both default ports, 2375 and 2376).
Mountable devices (e.g. host / disk)
CVE-2019-5736
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
Ed is a tool used to identify and exploit accessible UNIX domain sockets.
CDK is an open-source container penetration toolkit, designed to offer stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs, and helps you escape containers and take over K8s clusters easily.