Wording, reviewer remarks
parent
b78cb12546
commit
5ae708081d
|
@ -3,7 +3,7 @@ Utilizing Rancher Server, an attacker can create a docker container
|
|||
with the '/' path mounted with read/write permissions on the host
|
||||
server that is running the docker container. As the docker container
|
||||
executes command as uid 0 it is honored by the host operating system
|
||||
allowing the attacker to edit/create files owed by root. This exploit
|
||||
allowing the attacker to edit/create files owned by root. This exploit
|
||||
abuses this to creates a cron job in the '/etc/cron.d/' path of the
|
||||
host server.
|
||||
|
||||
|
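Review bot: The unchanged context lines around the "owed" to "owned" fix still carry two grammar slips that this wording pass should pick up. "executes command as uid 0" should read "executes commands as uid 0", and "abuses this to creates a cron job" should read "abuses this to create a cron job". It would also help readers assessing exposure to state plainly that the container's uid 0 is the host's uid 0 here. As written, "it is honored by the host operating system" leaves unclear what "it" refers to.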
@ -78,13 +78,12 @@ Host Registration URL.
|
|||
The new host should pop up on the Hosts screen within a minute.
|
||||
|
||||
# Exploitation
|
||||
This module is designed for the attacker to leverage, creation of a
|
||||
docker container to gain root access on the rancher host.
|
||||
This module is designed to gain root access on a Rancher Host.
|
||||
|
||||
## Options
|
||||
- CONTAINER_ID if you want to have a human readable name for your container, else it will be randomly generated
|
||||
- DOCKERIMAGE is the locally or from hub.docker.com available image you are wanting to have Rancher to deploy for this exploit.
|
||||
- TARGETURI this is the Rancher Server API path. The default environment is /v1/projects/1a5
|
||||
- CONTAINER_ID if you want to have a human readable name for your container, otherwise it will be randomly generated.
|
||||
- DOCKERIMAGE is the local image or hub.docker.com available image you want to have Rancher to deploy for this exploit.
|
||||
- TARGETURI this is the Rancher Server API path. The default environment is `/v1/projects/1a5`.
|
||||
- WAIT_TIMEOUT is how long you will wait for a docker container to deploy before bailing out if it does not start.
|
||||
|
||||
By default access control is disabled, but if enabled, you need API
|
||||
|
|
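Review bot: In the Options list, the rewritten DOCKERIMAGE line still reads awkwardly ("you want to have Rancher to deploy"). Suggest "is the local or hub.docker.com image you want Rancher to deploy for this exploit." The bullets are also inconsistent. Only the TARGETURI default is in backticks while the option names themselves are not, and the untouched WAIT_TIMEOUT line gives no unit for the timeout. Putting each option name in backticks and stating the unit would make the list uniform. The shortened Exploitation sentence no longer says that root access is gained by creating a docker container. That is acceptable only if the overview at the top of the document is where readers are expected to find the mechanism.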