Glusterd + Docker Container Breakout
When looking at the processes i noticed gluster running.
After some research i found gluster to be vulnerable to a local privilege escalation exploit: cve-2018–1088, this exploit will allow us to escape the docker container and fully compromise the machine.
To exploit cve-2018–1088 we basically mount a share to a share on the server containing the gcron_enabled file and add a malicious cronjob that will execute a reverse shell on the main host.
creating the share to mount to the host
mounting the share through gluster
gaining full compromise
Last updated