Use Portainer for Privilege Escalation

Hi Brother,

Another privilege escalation using docker or sandbox escape. The methodology is the same which we need to start a docker image with privileged right in order to mount the host volume. Today, I am going to share to do the escalation using Portainer

What is Portainer?

Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.

So when you have access to the Portainer portal then what you need to do first is to check the available image

Copy the image id that you want to create and run. For example sha256:3e4f91c08d0f8e8981391f89e4f27d1c26a3662be0bf19af20d95eb5d5fa8b6a

Once you have the id, You need to create and run a container based on the image you choosed. To initiate it, you can go to the container section and press add container

Give the container a name and put the image id you copied to the image name

Set the console to Interactive & TTY (-i -t)

Set to mount the / root of the host to /mnt/root in the docker

Set the Security/Host to Privileged Mode, this selection is very important that allow the docker image having access to the host.

You can press the Create button to start the container. Wait untill there is creation succesfully notification

You can see that the new container is running. In order to access the container console, you can click on the name of the container

You can now click the menu >_Console

Select /bin/bash and press Connect

To access the host volume, You can go to /mnt/root

You can browse the host /root home directory

You can see the /etc/hosts of the container host.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s