getshell test

To run:
- (1). Edit the PoC command in `stage2.c`.
- (2). Build the Docker image: `docker build -t cve .`
- (3). Run the container: `docker run -d cve /bin/bash -c "tail -f /dev/null"`
- (4). Back up docker-runc: `cp /usr/bin/docker-runc /usr/bin/docker-runc.bak`
- (5). `docker exec -it docker-id /bin/bash`
- (6). Inside the container, run `cd /root && ./run.sh && exit`
- (7). `docker exec -it docker-id /bin/bash`, bingo!!

Run `strings /usr/bin/docker-runc | tail -n 2` to view docker-runc.

Run `cp /usr/bin/docker-runc.bak /usr/bin/docker-runc` to restore docker-runc.
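
A host-side integrity check built on the backup from step (4), as an added example that is not part of the original PoC: it compares `/usr/bin/docker-runc` with `/usr/bin/docker-runc.bak` by SHA-256 and confirms the file is still an ELF executable. The function names and return codes are hypothetical, and the ELF check is an assumption about what a runtime binary should look like.

```shell
#!/bin/sh
# Added example (not from the PoC): verify the runtime binary against the
# backup taken in step (4). Function names and return codes are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# is_elf FILE: succeed if FILE starts with the ELF magic 0x7f 'E' 'L' 'F'
is_elf() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# check_runtime BINARY BASELINE
# returns 0 = matches baseline, 1 = content differs, 2 = not ELF, 3 = file missing
check_runtime() {
    bin=$1; base=$2
    [ -f "$bin" ] && [ -f "$base" ] || return 3
    is_elf "$bin" || return 2
    [ "$(sha256_of "$bin")" = "$(sha256_of "$base")" ] || return 1
    return 0
}

# report BINARY BASELINE: print a verdict and return check_runtime's code
report() {
    rc=0
    check_runtime "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: $1 matches $2" ;;
        1) echo "ALERT: $1 differs from $2; last strings:"
           strings "$1" | tail -n 2 ;;
        2) echo "ALERT: $1 is not an ELF executable" ;;
        3) echo "ERROR: $1 or $2 not found" ;;
    esac
    return $rc
}

# Check the paths used on this page only when invoked as: ./script check
if [ "${1:-}" = "check" ]; then
    report /usr/bin/docker-runc /usr/bin/docker-runc.bak
fi
```

A non-zero result means the binary should be restored from the backup as in the last step above before the runtime is used again.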
[4.0K] /data/pocs/6ea16398a54632e9a72dc8e53a7bbedadc10af2f
├── [ 369] Dockerfile
├── [ 579] README.md
├── [ 265] run.sh
├── [ 528] stage1.c
└── [ 585] stage2.c
0 directories, 5 files