Docker Escape / Breakout

Tools

Escape a container with /proc/sys/kernel/core_pattern

Docker breakout :

• Mounted Docker UNIX socket.

• Reachable Docker network socket (on both default port 2375/2376).

• Mountable devices (e.g. host / disk)

• CVE-2019-5736

GitHub - PercussiveElbow/docker-escape-tool: Tool to test if you're in a Docker container and attempt simple breakoutsGitHub

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

GitHub - stealthcopter/deepce: Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)GitHub

Ed is a tool used to identify and exploit accessible UNIX Domain Sockets

GitHub - brompwnie/ed: Ed is a tool used to identify and exploit accessible UNIX Domain SocketsGitHub

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily.

GitHub - cdk-team/CDK: 📦 Make security testing of K8s, Docker, and Containerd easier.GitHub

Break out the Box (BOtB)

GitHub - brompwnie/botb: A container analysis and exploitation tool for pentesters and engineers.GitHub

Security Cheat Sheet

Docker Security - OWASP Cheat Sheet Series

Resources

Docker Breakout / Privilege EscalationHackTricks

PayloadsAllTheThings/Container - Docker Pentest.md at master · swisskyrepo/PayloadsAllTheThingsGitHub