
[1;90m                      ##[1;37m         .
[1;90m                ## ## ##[1;37m        ==
[1;90m             ## ## ## ##[1;37m       ===
[1;37m         /"""""""""""""""""\___/ ===
[1;34m    ~~~ [1;90m{[1;34m~~ ~~~~ ~~~ ~~~~ ~~~ ~[1;90m /  [1;37m===-[1;34m ~~~[0m
[1;90m         \______ X           __/
[1;90m           \    \         __/
[1;90m            \____\_______/[0m
          __
     ____/ /__  ___  ____  ________
    / __  / _ \/ _ \/ __ \/ ___/ _ \ [1;90m  ENUMERATE[0m
   / /_/ /  __/  __/ /_/ / (__/  __/ [1;90m ESCALATE[0m
   \__,_/\___/\___/ .___/\___/\___/[1;90m  ESCAPE[0m
                 /_/

 Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
 by stealthcopter

[1;34m==========================================[1;32m( Colors )[1;34m==========================================[0m
[1;33m[+][1;32m Exploit Test ............ [0m[48;5;1mExploitable - Check this out[0m
[1;33m[+][1;32m Basic Test .............. [0m[1;33mPositive Result[0m
[1;33m[+][1;32m Another Test ............ [0m[1;31mError running check[0m
[1;33m[+][1;32m Negative Test ........... [0m[1;90mNo[0m
[1;33m[+][1;32m Multi line test ......... [0m[1;33mYes[0m
[1;90mCommand output
spanning multiple lines[0m

[1;90mTips will look like this and often contains links with additional info. You can usually 
ctrl+click links in modern terminal to open in a browser window
See [4mhttps://stealthcopter.github.io/deepce[0m[0m

[1;34m===================================[1;32m( Installing Packages )[1;34m====================================[0m
[1;33m[+][1;32m Installing Packages ..... [0m[1;33mSuccess[0m
[1;34m===================================[1;32m( Enumerating Platform )[1;34m===================================[0m
[1;33m[+][1;32m Inside Container ........ [0m[1;33mYes[0m
[1;33m[+][1;32m Container Platform ...... [0m[1;33mdocker[0m
[1;33m[+][1;32m Container tools ......... [0m[1;31mNone[0m
[1;33m[+][1;32m User .................... [0m[48;5;1mroot[0m
[1;33m[+][1;32m Groups .................. [0m[1;90m[1;37m[48;5;1mroot[0m[1;90m[0m
[1;33m[+][1;32m Sudoers ................. [0m[1;90mNo[0m
[1;33m[+][1;32m Docker Executable ....... [0m[1;90mNot Found[0m
[1;33m[+][1;32m Docker Sock ............. [0m[1;90mNot Found[0m
[1;33m[+][1;32m Docker Version .......... [0m[1;31mVersion Unknown[0m
[1;34m==================================[1;32m( Enumerating Container )[1;34m===================================[0m
[1;33m[+][1;32m Container ID ............ [0m[1;33m365942edab9c[0m
[1;33m[+][1;32m Container Full ID ....... [0m[1;33m/[0m
[1;33m[+][1;32m Container Name .......... [0m[1;31mCould not get container name through reverse DNS[0m
[1;33m[+][1;32m Container IP ............ [0m[1;33m172.17.0.2 [0m
[1;33m[+][1;32m DNS Server(s) ........... [0m[1;33m168.63.129.16 [0m
[1;33m[+][1;32m Host IP ................. [0m[1;33m172.17.0.1[0m
[1;33m[+][1;32m Operating System ........ [0m[1;90mGNU/Linux[0m
[1;33m[+][1;32m Kernel .................. [0m[1;90m6.2.0-1018-azure[0m
[1;33m[+][1;32m Arch .................... [0m[1;90mx86_64[0m
[1;33m[+][1;32m CPU ..................... [0m[1;90mAMD EPYC 7763 64-Core Processor[0m
[1;33m[+][1;32m Useful tools installed .. [0m[1;33mYes[0m
[1;90m/usr/bin/curl
/usr/bin/nslookup
/usr/bin/host
/usr/bin/hostname
/usr/bin/dig
/usr/bin/nmap[0m
[1;33m[+][1;32m Dangerous Capabilities .. [0m[1;33mYes[0m
[1;90mCurrent: cap_chown,cap_[1;37m[48;5;1mdac_override[0m[1;90m,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,[1;37m[48;5;1mcap_mknod[0m[1;90m,cap_audit_write,cap_setfcap=ep
Bounding set =cap_chown,cap_[1;37m[48;5;1mdac_override[0m[1;90m,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,[1;37m[48;5;1mcap_mknod[0m[1;90m,cap_audit_write,cap_setfcap
Current IAB: !cap_[1;37m[48;5;1mdac_read_search[0m[1;90m,!cap_linux_immutable,!cap_net_broadcast,!cap_net_admin,!cap_ipc_lock,!cap_ipc_owner,![1;37m[48;5;1mcap_sys_module[0m[1;90m,![1;37m[48;5;1mcap_sys_rawio[0m[1;90m,![1;37m[48;5;1mcap_sys_ptrace[0m[1;90m,!cap_sys_pacct,![1;37m[48;5;1mcap_sys_admin[0m[1;90m,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_lease,!cap_audit_control,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore[0m
[1;33m[+][1;32m SSHD Service ............ [0m[1;90mNo[0m
[1;33m[+][1;32m Privileged Mode ......... [0m[1;31mUnknown[0m
[1;34m====================================[1;32m( Enumerating Mounts )[1;34m====================================[0m
[1;33m[+][1;32m Docker sock mounted ....... [0m[1;90mNo[0m
[1;33m[+][1;32m Other mounts .............. [0m[1;33mYes[0m
[1;90m/home/runner/work/deepce/deepce/deepce.sh /root/deepce.sh rw,relatime - ext4 /dev/root rw,discard,errors=remount-ro[0m
[1;33m[+][1;32m Possible host usernames ... [0m[1;33mrunner [0m
[1;34m====================================[1;32m( Interesting Files )[1;34m=====================================[0m
[1;33m[+][1;32m Interesting environment variables ... [0m[1;90mNo[0m
[1;33m[+][1;32m Any common entrypoint files ......... [0m[1;33mYes[0m
[1;90m-rwxr-xr-x 1 1001 127 39K Dec 28 14:30 /root/deepce.sh[0m
[1;33m[+][1;32m Interesting files in root ........... [0m[1;90mNo[0m
[1;33m[+][1;32m Passwords in common files ........... [0m[1;90mNo[0m
[1;33m[+][1;32m Home directories .................... [0m[1;90mNo[0m
[1;33m[+][1;32m Hashes in shadow file ............... [0m[1;90mNo[0m
[1;33m[+][1;32m Searching for app dirs .............. [0m
[1;34m==================================[1;32m( Enumerating Containers )[1;34m==================================[0m
[1;90mBy default containers can communicate with other containers on the same network and the 
host machine, this can be used to enumerate further[0m

[1;33m[+][1;32m Attempting ping sweep of 172.17.0.0/24 (nmap) [0m
Host: 172.17.0.1 ()	Status: Up
Host: 172.17.0.2 (365942edab9c)	Status: Up
[1;34m======================================[1;32m( Scanning Host )[1;34m=======================================[0m
[1;33m[+][1;32m Scanning host 172.17.0.1 (nmap) [0mStarting Nmap 7.80 ( https://nmap.org ) at 2023-12-28 14:31 UTC
Nmap scan report for 172.17.0.1
Host is up (0.0000090s latency).
Not shown: 65533 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8084/tcp open  unknown
MAC Address: 02:42:6E:48:B8:4A (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.11 seconds
[1;34m===============================================[1;32m[1;34m===============================================[0m