# Docker {% embed url="" %} {% embed url="" %} {% embed url="" %} ### Enumerate images and processes ``` docker ps docker images ``` Based on the running images we can now attempt to elevate privileges through them. ``` docker run -v /:/mnt --rm -it chroot /mnt sh ``` ### Breaking Out of Docker Env Lets say for whatever reason Fabian, you seem to list and things aren't where they are supposed to be and if you run `ls -la` Youll notice that something doesnt seem right. ![](/files/cDKPB9mnoMcabeWsUbTs) In the case of Sirol we were root in a docker environment. In order to break out we must first list the disks in the computer and then mount one to our own and we will be able to navigate to the filesystem. `fdisk -l` ![](/files/se7pn3T73oHcIA3dqkYr) This command as seen above lists the disk names and their paths. In order to break out we shall ran the following commands. ``` mkdir /mnt/own mount ##THIS CAN BE CHANGED/dev/sda1 ####/mnt/own cd /mnt/own ``` Notice that in the code we gotta change accordingly which the lists of disks that are in the machine. Once we execute those commadns we will have full control of the filesystem. ![](/files/IqfpQWst2Z3dZssMBJ4B) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://lyethar.gitbook.io/methodology/readme/privilege-escalation/linux/docker.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.