Hacking with Docker | For Fun And For Profit

Why a blog about hacking with docker

Many companies let their customers view and manage Docker containers by adding them to the docker group. After all, it's very easy to say "Just hop on to the php container to do your work".

Because of the way Docker works, the Docker engine needs elevated privileges to manage its containers, which means that anyone in the docker group effectively has root access to the server.

Your customer might not know this, but malicious users who can beg, steal and borrow your customer's SSH credentials most definitely will.

In our example, we've given our user sudo rights, but effectively you can achieve anything, including espionage.
As an actual recent case, I had to modify SSH information to allow PasswordAuthentication and to force the server to reboot.

To force the host to reboot from a container, you can add: -v /dev:/dev:rw to the docker run command.
From there on, if you type reboot inside

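An added example, not code from the original post: a defender-side audit for the two conditions described above, docker-group membership that amounts to root, and host paths such as /dev bind-mounted into containers. The sample group file, the sample docker inspect output, the SENSITIVE path list and the function names are constructed for illustration.

```python
import json

# Constructed /etc/group sample (not from the original post).
SAMPLE_GROUP = "root:x:0:\nsudo:x:27:alice\ndocker:x:998:alice,bob,deploy\n"

# Constructed sample in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/php", "Mounts": [
        {"Type": "bind", "Source": "/srv/app", "Destination": "/var/www", "RW": True}]},
    {"Name": "/tools", "Mounts": [
        {"Type": "bind", "Source": "/dev", "Destination": "/dev", "RW": True},
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": False}]},
])

# Assumed policy list of host paths that should not be bind-mounted.
SENSITIVE = ("/", "/dev", "/etc")

def group_members(group_text, name):
    """Members of `name` in /etc/group-formatted text (supplementary members only)."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            return {m for m in fields[3].split(",") if m}
    return set()

def unintended_root(group_text, admin_groups=("sudo", "wheel")):
    """docker-group members outside every admin group: root-equivalent by accident."""
    admins = set()
    for g in admin_groups:
        admins |= group_members(group_text, g)
    return sorted(group_members(group_text, "docker") - admins)

def risky_mounts(inspect_json):
    """(container, host_path, 'rw'|'ro') for each bind mount of a sensitive host path."""
    findings = []
    for c in json.loads(inspect_json):
        for m in c.get("Mounts") or []:
            src = m.get("Source", "").rstrip("/") or "/"
            if m.get("Type") == "bind" and src in SENSITIVE:
                findings.append((c["Name"].lstrip("/"), src, "rw" if m.get("RW") else "ro"))
    return findings

if __name__ == "__main__":
    print("docker members without sudo:", unintended_root(SAMPLE_GROUP))
    for finding in risky_mounts(SAMPLE_INSPECT):
        print("sensitive bind mount:", *finding)
```

On a real host, feed it the contents of /etc/group and the output of `docker inspect` for the running containers; users whose primary group is docker appear only in /etc/passwd and need a separate check.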