Skip to content

Exploit: check ptrace

cdxy edited this page Dec 3, 2020 · 2 revisions

Exploit: check-ptrace

检查容器内部是否存在cap=SYS_PTRACE权限,存在该权限并且挂载宿主机的PID空间时,可以在容器环境内注入宿主机进程进行逃逸。 该脚本将检查内部是否存在cap=SYS_PTRACE权限,同时打印容器内部进程列表。

Checking if container has cap=SYS_PTRACE capability, containers which have both this capability and host PID namespace shared (--PID=host) can be escaped by process injection.
This scripts will check if container has cap=SYS_PTRACE capability then print process information.

Further Exploit: https://github.com/gaffe23/linux-inject

Usage

./cdk run check-ptrace

Example

./cdk run check-ptrace

Clone this wiki locally