Skip to content

Exploit: mount disk

cdxy edited this page Nov 24, 2020 · 1 revision

Exploit: mount-disk



Automated escape container which have privilege to manage host device, especially for escape privileged containers.

This exploit will first gather host device information then mount disk to container, so you can escape container by overwriting host files such as /etc/crontab.


./cdk run mount-disk



  1. 宿主机以特权模式启动容器,尝试在该容器内部通过本脚本逃逸。docker run -v /root/cdk:/cdk --rm -it --privileged ubuntu bash
  2. 容器内部执行 ./cdk run mount-disk
  3. 在容器内部进入挂载目录,直接管理宿主机磁盘文件。

Testing Case

  1. run a privileged container in host docker run -v /root/cdk:/cdk --rm -it --privileged ubuntu bash, try to escape this container using CDK.
  2. attach into the container and execute ./cdk run mount-disk
  3. cd to mounted dir, manipulate host disk files directly.