## . ## ## ## == ## ## ## ## === /"""""""""""""""""\___/ === ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ \______ X __/ \ \ __/ \____\_______/ __ ____/ /__ ___ ____ ________ / __ / _ \/ _ \/ __ \/ ___/ _ \ ENUMERATE / /_/ / __/ __/ /_/ / (__/ __/ ESCALATE \__,_/\___/\___/ .___/\___/\___/ ESCAPE /_/ Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) by stealthcopter ==========================================( Colors )========================================== [+] Exploit Test ............ Exploitable - Check this out [+] Basic Test .............. Positive Result [+] Another Test ............ Error running check [+] Negative Test ........... No [+] Multi line test ......... Yes Command output spanning multiple lines Tips will look like this and often contains links with additional info. You can usually ctrl+click links in modern terminal to open in a browser window See https://stealthcopter.github.io/deepce ===================================( Enumerating Platform )=================================== [+] Inside Container ........ Yes [+] Container Platform ...... docker [+] Container tools ......... None [+] User .................... root [+] Groups .................. root [+] Sudoers ................. Yes root ALL=(ALL) ALL %wheel ALL=(ALL) ALL [+] Docker Executable ....... Not Found [+] Docker Sock ............. Not Found [+] Docker Version .......... Version Unknown ==================================( Enumerating Container )=================================== [+] Container ID ............ fb0e196a69de [+] Container Full ID ....... / [+] Container Name .......... Could not get container name through reverse DNS [+] Container IP ............ Could not find IP [+] DNS Server(s) ........... 168.63.129.16 [+] Host IP ................. Could not find Host IP [+] Operating System ........ GNU/Linux [+] Kernel .................. 6.5.0-1021-azure [+] Arch .................... x86_64 [+] CPU ..................... AMD EPYC 7763 64-Core Processor [+] Useful tools installed .. Yes /usr/bin/curl /usr/bin/python3 [+] Dangerous Capabilities .. Yes Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap Current IAB: !cap_dac_read_search,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_lease,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore [+] SSHD Service ............ Unknown (ps not installed) [+] Privileged Mode ......... Unknown ====================================( Enumerating Mounts )==================================== [+] Docker sock mounted ....... No [+] Other mounts .............. Yes /home/runner/work/deepce/deepce/deepce.sh /root/deepce.sh rw,relatime - ext4 /dev/root rw,discard,errors=remount-ro [+] Possible host usernames ... runner ====================================( Interesting Files )===================================== [+] Interesting environment variables ... No [+] Any common entrypoint files ......... Yes -rwxr-xr-x 1 1001 127 39K Jun 5 15:23 /root/deepce.sh [+] Interesting files in root ........... No [+] Passwords in common files ........... No [+] Home directories .................... No [+] Hashes in shadow file ............... No [+] Searching for app dirs .............. ==================================( Enumerating Containers )================================== By default containers can communicate with other containers on the same network and the host machine, this can be used to enumerate further ==============================================================================================