module
DC/OS Marathon UI Docker Exploit
| Disclosed | Created |
|---|---|
| 03/03/2017 | 05/30/2018 |
Disclosed
03/03/2017
Created
05/30/2018
Description
Utilizing the DCOS Cluster's Marathon UI, an attacker can create
a docker container with the '/' path mounted with read/write
permissions on the host server that is running the docker container.
As the docker container executes command as uid 0 it is honored
by the host operating system allowing the attacker to edit/create
files owed by root. This exploit abuses this to creates a cron job
in the '/etc/cron.d/' path of the host server.
*Notes: The docker image must be a valid docker image from
hub.docker.com. Furthermore the docker container will only
deploy if there are resources available in the DC/OS cluster.
a docker container with the '/' path mounted with read/write
permissions on the host server that is running the docker container.
As the docker container executes command as uid 0 it is honored
by the host operating system allowing the attacker to edit/create
files owed by root. This exploit abuses this to creates a cron job
in the '/etc/cron.d/' path of the host server.
*Notes: The docker image must be a valid docker image from
hub.docker.com. Furthermore the docker container will only
deploy if there are resources available in the DC/OS cluster.
Author
Erik Daguerre
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/linux/http/dcos_marathon
msf /(n) > show actions
...actions...
msf /(n) > set ACTION < action-name >
msf /(n) > show options
...show and set options...
msf /(n) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.