Exploit Notes

Docker Pentesting

Last modified: 2023-03-18

Container Privilege Escalation

Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Default ports are 2375, 2376.


Find Docker Binary

If we cannot use “docker” command by default, we need to find the docker binary.

find / -name "docker" 2>/dev/null

Basic Commands

# List images
docker images
docker image ls
# The history of an image
docker image history <image-name>

# List containers running
docker container ls
# or
docker ps

# List all containers
docker container ls -a
# or
docker ps -a

# List secrets
docker secret ls

Check if Containers Running

In target machine, observe the network status by running “netstat” or “ss” command.

netstat -punta
# or
ss -ltu

# -------------------------------------------------------

tcp  0  0*  LISTEN  -

Basic Operations

Run a New Container

First check the docker images listed.

docker images

Then run a new container from the image.

# -d: detached mode (background)
# -p: map the port of the host to the port in the container
docker run -dp 80:80 <image-name>

If you want to run a new container from a remote repository, run the following.

# --rm: Removes the anonymous volumes when the container is removed
# -i: interactive
# -t: tty
# --network=host: The container is not isolated from the Docker host. The IP address is your own home IP address.
docker run --rm -it --network=host <repository>/<image>

Start a Container which is stopped

# List all containers and check the target ID
docker container ls -a

# Start the container
docker container start <container-id>

Run Commands in a Container

# List containers running and check the target container ID
docker ps

# Run commands by giving the container ID
docker exec <container-id> whoami
docker exec <container-id> cat sample.txt

Stop a Container

# List running containers and check the target container ID
docker ps

# Stop the container by giving the ID
docker stop <container-id>

Remove a Container

# List all containers and check the target container ID
docker ps -a

# Remove the container by givine the ID
docker rm <container-id>
# Force to remove the running container (-f)
docker rm -f <container-id>

Build a Container Image

First off, create a Dockerfile in the root directory of the project.

FROM node:12-alpine

RUN apk add --no-cache python2 g++ make
COPY . .
RUN yarn install --production
CMD ["node", "src/index.js"]

Now run the following command to build the container image.
This command uses the Dockerfile.

# -t: name a tag of the image
docker build -t <tag-name> .

Scan a Container Image

docker scan <image-name>

Remove an Image

# List images and check the target image ID
docker images

# Remove the image by giving the ID
docker rmi <image-id>

Publish an Image

Before doing below, you need to sign up the Docker Hub and sign in, then create a new repository in your dashboard.

# Login
docker login -u <your-username>

# Tag a new image
docker tag <source-image> <your-username>/<target-image>

# Push
docker push <your-username>/<target-image>

Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.