https://github.com/gill-singh-a/docker-api-remote-root-shell-exploit

A Simple Python Program that uses Docker Module to communicate with Docker API and gets a Remote Root Shell on the Target Device
https://github.com/gill-singh-a/docker-api-remote-root-shell-exploit

docker exploit python ssh

Last synced: 3 months ago
JSON representation

A Simple Python Program that uses Docker Module to communicate with Docker API and gets a Remote Root Shell on the Target Device

• Host: GitHub
• URL: https://github.com/gill-singh-a/docker-api-remote-root-shell-exploit
• Owner: Gill-Singh-A
• Created: 2024-07-11T05:41:42.000Z (7 months ago)
• Default Branch: master
• Last Pushed: 2024-08-24T00:30:45.000Z (5 months ago)
• Last Synced: 2024-08-24T21:17:28.654Z (5 months ago)
• Topics: docker, exploit, python, ssh
• Language: Python
• Homepage:
• Size: 344 KB
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Docker API Remote Root Shell Exploit

A Simple Python Program that uses Docker Module to communicate with Docker API and gets a Remote Root Shell on the Target Device

## Requirements

Language Used = Python3


Modules/Packages used:

* os

* docker

* paramiko

* socket

* random

* string

* base64

* getpass

* datetime

* subprocess

* optparse

* multithreading

* colorama

* time

Install the dependencies:

```bash

pip install -r requirements.txt

```

## Setup

After installing Docker on your local device, run the following commands as root user

```bash

docker pull ubuntu:20.04

docker save ubuntu:20.04 -o ubuntu_image.tar

chmod 666 ubuntu_image.tar

```

## Working

![Working of Exploit](assets/images/working.png)

## Result

After Successful Exploitation, we can directly ssh to the target device as root user or the provided user.

## Note

This Method won't work if the Docker API is password Protected or when Docker is run with non-root user.