Docker Escape Tool
This is a quick script to identify if you're in a Docker container and try some quick escape techniques.
- Refactor literally everything.
- Move from relying on libcurl to Crystal's inbuilt networking once it gains support for unix sockets.
- Improve installing Docker inside a container because currently I'm wgetting a binary lol.
This script assesss if you're in a container through the following:
- Presence of .dockerenv/.dockerinit files
- Mentions of Docker in cgroups
- Weird PID 1 (i.e. not an init)
- Lack of hardware related processes
- Mounted Docker unix socket.
- Reachable Docker network socket.
- Mountable devices (e.g. host / disk)
- Enumerate containers within the same Docker network to pivot
Use a prebuilt binary from the releases page or compile yourself with:
crystal build src/docker-escape.cr
Then just run the compiled binary in your container.