exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed


Docker Privilege Escalation / Information Disclosure
Posted May 8, 2015
Authored by Eric Windisch, Tonis Tiigi

Docker versions prior to 1.6.1 suffer from privilege escalation and information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2015-3627, CVE-2015-3629, CVE-2015-3630, CVE-2015-3631
SHA-256 | 95ee351837d4eafc2ac444cb87bd4b716e7c5f58566ada9fb56a9b758dee33cc

Related Files

Docker Container Escape
Posted Jul 1, 2021
Authored by Christophe de la Fuente, Spencer McIntyre, Nick Frichette, Borys Poplawski, Adam Iwaniuk | Site metasploit.com

This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites the runc binary with the payload and waits for someone to use docker exec to get into the container. This will trigger the payload execution. Note that executing this exploit carries important risks regarding the Docker installation integrity on the target and inside the container.

tags | exploit, root
advisories | CVE-2019-5736
SHA-256 | cccb41227aca832e89e9a6f586e66617bdec002e1dded9d5addd44548302edb1
Gitea Git Hooks Remote Code Execution
Posted Apr 7, 2021
Authored by Christophe de la Fuente, Podalirius | Site metasploit.com

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission needs to be specifically granted by an administrator. To achieve code execution, the module authenticates to the Gitea web interface, creates a temporary repository, sets a post-receive git hook with the payload and creates a dummy file in the repository. This last action will trigger the git hook and execute the payload. Everything is done through the web interface. It has been mitigated in version 1.13.0 by setting the Gitea DISABLE_GIT_HOOKS configuration setting to true by default. This disables this feature and prevents all users (including admin) from creating custom git hooks. This module has been tested successfully against docker versions 1.12.5, 1.12.6 and 1.13.6 with DISABLE_GIT_HOOKS set to false, and on version 1.12.6 on Windows.

tags | exploit, remote, web, code execution
systems | windows
advisories | CVE-2020-14144
SHA-256 | 777838a8c7aba78aa158817a5091acfd7337de3556b2fc8c26c13ab9c90a1621
Docker Privileged Container Escape
Posted Aug 6, 2020
Authored by stealthcopter | Site metasploit.com

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYS_ADMIN, --privileged.

tags | exploit, root
systems | linux
SHA-256 | 96e3dd9d2191efa268a444e84e7547c50e9a4480e50aec7c0ffb4d80ebaaaf32
Docker-Credential-Wincred.exe Privilege Escalation
Posted Apr 27, 2020
Authored by bwatters-r7, Morgan Roman | Site metasploit.com

This Metasploit module exploit leverages a vulnerability in Docker Desktop Community Edition versions prior to where an attacker can write a payload to a lower-privileged area to be executed automatically by the docker user at login.

tags | exploit
advisories | CVE-2019-15752
SHA-256 | eaa66458a1be58495d72ac8518ba2b5c7ce4adda66caa2a735da2834489bbc19
Docker Container Escape
Posted Jul 22, 2019
Authored by dominikczarnotatob

Proof of concept instructions to exploit a Docker container escape vulnerability.

tags | exploit, proof of concept
SHA-256 | 59a356c08ff9521c88b5300d8e1a4bce79db65704f01e01b54cbd581fecab881
Docker Daemon Unprotected TCP Socket
Posted Sep 8, 2017
Authored by Martin Pizala | Site metasploit.com

Utilizing Docker via unprotected tcp socket (2375/tcp, maybe 2376/tcp with tls but without tls-auth), an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owned by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com.

tags | exploit, root, tcp
SHA-256 | 5eef6332da7f2e3eafd6c25adcb58e15c04382cde4fdec2987c6b2d85ab64dfe
Docker Engine Privilege Escalation
Posted Jan 10, 2017
Authored by Tonis Tiigi, Aleksa Sarai

Docker Engine versions prior to 1.12.6 suffer from an insecure open of a file descriptor.

tags | advisory
advisories | CVE-2016-9962
SHA-256 | c6dd4934c055006df86b6145b7e548b07287014ac26ce1af46e0b6fa783d1157
Docker 1.11.2 Forged VXLAN Packet Service Detection
Posted Nov 24, 2016
Authored by Francesco Tornieri

Docker versions 1.11.2 and below suffer from an issue where a forged VXLAN packet can be leveraged to scan services that are not exposed.

tags | exploit
SHA-256 | a4e4a57ace4ef27819179237d6afd95b851a2dcb97baf0583bc8133f4f80246a
Docker Daemon Privilege Escalation
Posted Sep 17, 2016
Authored by forzoni | Site metasploit.com

This Metasploit module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the docker group.

tags | exploit, root
SHA-256 | 21635da937bd87b43dde24314b9ad467daff6d045814c41f0388dc2c1020eeb3
Docker Privilege Escalation / Path Traversal / Spoofing
Posted Dec 12, 2014
Authored by Eric Windisch, Tonis Tiigi

Docker version 1.3.3 has been released to address privilege escalation, path traversal, and spoofing vulnerabilities.

tags | advisory, spoof, vulnerability, file inclusion
advisories | CVE-2014-9356, CVE-2014-9357, CVE-2014-9358
SHA-256 | 8500831f87dd1053a5b03c9bb78a961217c43693b105c24e9149353125d6553a
Docker Privilege Escalation
Posted Nov 25, 2014
Authored by Eric Windisch

Docker versions prior to 1.3.2 suffer from privilege and container escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-5277, CVE-2014-6407, CVE-2014-6408
SHA-256 | f3ea689d0955e5745699f82d7c1d878c1c96110a77a052bec055fa5cc225fbc5
Page 1 of 1

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    25 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By