Linux
Exposed Docker Socket
Docker Exec
If you have a low privileged user and can do sudo docker exec ...
chances are you can use CVE-2019-5736 (Ubuntu 18.04, Debian 9) to escalate to root on the host. Modify main.go with your payload and execute in the container. Then do another sudo docker exec ...
to trigger it.
Docker Escape using SYS_MODULE cap
Ansible Credentials
Find & check "ansible.yml". Encrypted password can be converted with "ansible2john" and then decrypted:
Ubuntu 20.04 OverlayFS Exploit CVE-2021-3493
https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/
Should work on most Ubuntus not patched after March 2021, tested on 4.15.0-132-generic #136-Ubuntu
.
Resources
Last updated