A penetration toolkit for container environment

Overview

ctrsploit: A penetration toolkit for container environment

中文文档

Pre-Built Release

https://github.com/ctrsploit/ctrsploit/releases

Usage

Quick-Start

wget -O ctrsploit https://github.com/ctrsploit/ctrsploit/releases/download/v0.4/ctrsploit_linux_amd64 && chmod +x ctrsploit
./ctrsploit --help
NAME:
   ctrsploit - A penetration toolkit for container environment

ctrsploit is a command line ... //TODO


USAGE:
   ctrsploit [global options] command [command options] [arguments...]

COMMANDS:
   auto, a     auto gathering information, and detect vuls, and exploit // TODO
   exploit, e  run a exploit
   env, e      gather information // TODO
   help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --lang value  language for the greeting (default: "english")
   --help, -h    show help (default: false)

gather information

usage

[email protected]:/# ./ctrsploit env
NAME:
   ctrsploit env - gather information

USAGE:
   ctrsploit env command [command options] [arguments...]

COMMANDS:
   where, w        detect whether you are in the container, and which type of the container
   graphdriver, g  detect graphdriver type and extend information
   cgroups, c      gather cgroup information
   help, h         Shows a list of commands or help for one command

OPTIONS:
   --help, -h  show help (default: false)

where

[email protected]:/# ./ctrsploit  env  w
INFO[0000] ===========Docker=========
.dockerenv exists: ✔
rootfs contains 'docker': ✔
cgroup contains 'docker': ✘
the mount source of /etc/hosts contains 'docker': ✔
hostname match regex ^[0-9a-f]{12}$: ✔
=> is in docker: ✔ 
INFO[0000] ===========k8s=========
/var/run/secrets/kubernetes.io exists: ✘
hostname match k8s pattern: ✘
the mount source of /etc/hosts contains 'pods': ✘
cgroup contains 'kubepods': ✘
=> is in k8s: ✘ 

run a exploit

[email protected]:/# ./ctrsploit e
NAME:
   ctrsploit exploit - run a exploit

USAGE:
   ctrsploit exploit command [command options] [arguments...]

COMMANDS:
   cgroupv1-release_agent, ra                       escape tech by using the notify_on_release of cgroup v1
   cgroupv1-release_agent-unknown_rootfs, ra3       escape tech by using the notify_on_release of cgroup v1 without known rootfs
   help, h                                          Shows a list of commands or help for one command

OPTIONS:
   --help, -h  show help (default: false)

eg. : escape by 'cgroupv1-release_agent' tech.

[email protected] # docker run -ti --rm --security-opt="apparmor=unconfined" --cap-add="sys_admin" busybox
[email protected] # wget -O ctrsploit https://github.com/ctrsploit/ctrsploit/releases/download/v0.4/ctrsploit_linux_amd64 && chmod +x ctrsploit
[email protected] # ./ctrsploit e ra -c "cat /etc/hostname"

Details

env

command alias description
where w detect whether you are in the container, and which type of the container
graphdriver g detect graphdriver type and extend information
cgroups c gather cgroup information
capability cap show the capability of pid 1 and current process
seccomp s show the seccomp info
apparmor a show the apparmor info

exploit

exploit alias description
cgroupv1-release_agent ra escape tech by using the notify_on_release of cgroup v1
cgroupv1-release_agent-unknown_rootfs ra3 escape tech by using the notify_on_release of cgroup v1 without known rootfs
cve-2021-22555 22555 escape tech by using the CVE-2021-22555
You might also like...
IndieAuth Toolkit for Go.

IndieAuth Toolkit for Go This repository contains a set of tools to help you implement IndieAuth, both server and client, in Go. The documentation can

JOY5 AV Toolkit.

JOY5 AV Toolkit.

BuildKit - A toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner
BuildKit - A toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner

BuildKit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: Automati

Harbormaster - Toolkit for automating the creation & mgmt of Docker components and tools

My development environment is MacOS with an M1 chip and I mostly develop for lin

 APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.
APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.

APKrash APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging. Features Able to analyze pu

Substation is a cloud native toolkit for building modular ingest, transform, and load (ITL) data pipelines

Substation Substation is a cloud native data pipeline toolkit. What is Substation? Substation is a modular ingest, transform, load (ITL) application f

AWS environment config loader

awsenv AWS environment config loader. awsenv is a small binary that loads AWS environment variables for an AWS profile from ~/.aws/credentials - usefu

A multi-service dev environment for teams on Kubernetes
A multi-service dev environment for teams on Kubernetes

Tilt Kubernetes for Prod, Tilt for Dev Modern apps are made of too many services. They're everywhere and in constant communication. Tilt powers multi-

:recycle: Now you can easily rollback to previous deployed images whatever you want on k8s environment

EasyRollback EasyRollback is aim to easy rollback to previous images that deployed on k8s environment Installation You should have go installation fir

Comments
  • build a toolkit image for building ctrsploit

    build a toolkit image for building ctrsploit

    Make Dockerfile to build docker image which includes some useful tools for buiding the ctrsploit which can ensure everyone getting the same client he need.

    opened by normalbe 0
  • check whether in k8s by environment

    check whether in k8s by environment

    https://cloud.redhat.com/blog/writing-custom-controller-python

    By checking whether KUBERNETES_PORT environment variables are defined or not, we detect whether code is being run within a pod or outside. This allows us to use the same code to run manually (which is quite handy during development). At this step, we are authenticated and can talk to the Kubernetes API.

    if 'KUBERNETES_PORT' in os.environ:
        config.load_incluster_config()
    else:
        config.load_kube_config()
    
    help wanted env 
    opened by ssst0n3 0
Releases(v0.5.2)
Owner
null
Tpf2-tpnetmap-toolkit - A toolkit to create svg map images from TransportFever2 world data

tpf2-tpnetmap-toolkit TransportFever2 のワールドデータから svg のマップ画像を作成するツールキットです。 1. 導入方

Nosrith 1 Feb 17, 2022
Testcontainers is a Golang library that providing a friendly API to run Docker container. It is designed to create runtime environment to use during your automatic tests.

When I was working on a Zipkin PR I discovered a nice Java library called Testcontainers. It provides an easy and clean API over the go docker sdk to

null 1.6k Sep 19, 2022
KNoC is a Kubernetes Virtual Kubelet that uses an HPC cluster as the container execution environment

Kubernetes Node on Cluster KNoC is a Virtual Kubelet Provider implementation that manages real pods and containers in a remote container runtime by su

Computer Architecture and VLSI Systems (CARV) Laboratory 6 Sep 21, 2022
Tool which gathers basic info from apk, which can be used for Android penetration testing.

APKSEC Tool which gathers basic info from apk, which can be used for Android penetration testing. REQUIREMENTS AND INSTALLATION Build APKSEC: git clon

Jayateertha Guruprasad 3 Sep 2, 2022
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

The Moby Project Moby is an open-source project created by Docker to enable and accelerate software containerization. It provides a "Lego set" of tool

Moby 64.1k Sep 17, 2022
Boxygen is a container as code framework that allows you to build container images from code

Boxygen is a container as code framework that allows you to build container images from code, allowing integration of container image builds into other tooling such as servers or CLI tooling.

nitric 5 Dec 13, 2021
Amazon ECS Container Agent: a component of Amazon Elastic Container Service

Amazon ECS Container Agent The Amazon ECS Container Agent is a component of Amazon Elastic Container Service (Amazon ECS) and is responsible for manag

null 0 Dec 28, 2021
The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your container orchestrator

fortress-csi The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your co

Fortress 0 Jan 23, 2022
concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

BuildKit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Key features: Automati

Moby 5.7k Sep 18, 2022