Docker Container

Container Escapes

Docker Breakout / Privilege EscalationHackTricks

Lateral Movement

Docker containers can talk to the host machine and other docker containers. A docker container usually has an IP address in the format 172.17.0.X.

For example, if you are in a docker container with IP address 172.17.0.3, then 172.17.0.1 is probably the host machine, which you should scan for open ports with nmap. 172.17.0.2 is in that case probably another container, which you are also allowed to communicate with by default.

Keep in mind that docker containers can often talk to the internet, as well as private networks outside docker. For example, if your pwned docker container is on 172.17.0.3, but the host is in the 192.168.0.0 network, then your docker container will also be able to reach hosts on that 192.168.0.0 network.

Use statically compiled tools. Use nmap to scan and chisel to create tunnels from your machine through the pwned docker host.

PreviousBackdoors NextGeneral

Last updated 1 year ago