Experimenting shell injection with ptrace.
- Build docker image
ptrace-exp:
docker build . --tag ptrace-exp- Run image
ptrace-exp:
docker run --name ptrace-1 --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -it ptrace-exp bash- In container, run
tracee, copy the pid printed:
(docker) ./tracee- From another session, access the same container from the outside:
docker exec -it ptrace-1 /bin/bash- In container, run
tracerto inject:
(docker) ./tracer <pid>- Now we should be able to run arbitrary commands from the first session.