Capability and Container Exploitation
Linux capabilities provide granular privileges beyond the traditional user/root dichotomy. Binaries carrying specific capabilities can enable privilege escalation without a full SUID bit. Enumerate file capabilities with getcap -r / 2>/dev/null. Capabilities such as CAP_DAC_READ_SEARCH (read any file regardless of permissions) or CAP_SYS_ADMIN (a broad set of administrative operations) provide escalation paths. Research the implications of each capability you find when deciding on an exploitation strategy.
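The following audit script is an added example, not code from the original guide. It takes the output format of getcap (both the older "path = cap_x+ep" and the newer "path cap_x=ep" libcap styles) and prints only the entries carrying a capability with known escalation impact, so a reviewer can see at a glance which binaries deserve attention. The sample getcap output is constructed, and the list of capabilities treated as risky is an editorial assumption to be tuned per environment.

```shell
# Added audit example (not from the original guide): filter `getcap -r /`
# output down to binaries whose capabilities have escalation impact.
# Handles both libcap output formats:
#   old: /usr/bin/foo = cap_sys_admin+ep
#   new: /usr/bin/foo cap_sys_admin=ep

# Capabilities whose presence on an arbitrary binary warrants review.
# (Selection is an editorial assumption; tune it for your environment.)
RISKY_CAPS='cap_(sys_admin|dac_read_search|dac_override|setuid|setgid|sys_ptrace|sys_module|chown|fowner|setfcap)'

# Constructed sample of getcap output (not captured from a real host).
SAMPLE_GETCAP='/usr/bin/ping cap_net_raw=ep
/usr/bin/python3 cap_dac_read_search=ep
/usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
/opt/tools/helper = cap_sys_admin+ep'

# flag_risky_caps: read getcap lines on stdin and print only those that carry
# a risky capability. The name is anchored on both sides so that, for example,
# cap_net_admin does not match the cap_sys_admin pattern.
flag_risky_caps() {
  grep -iE "(^|[ =,])${RISKY_CAPS}([=+,]|\$)"
}

# count_risky_caps: number of flagged entries in the constructed sample.
# On a live host the equivalent is:
#   getcap -r / 2>/dev/null | flag_risky_caps | grep -c .
count_risky_caps() {
  printf '%s\n' "$SAMPLE_GETCAP" | flag_risky_caps | grep -c .
}

# Run against the constructed sample: lists python3 and helper, then prints 2.
printf '%s\n' "$SAMPLE_GETCAP" | flag_risky_caps
count_risky_caps
```

On a real host, pipe getcap directly into flag_risky_caps; anything it prints is a binary whose capability set should be justified or removed with setcap -r.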
Docker container escapes transform container access into host system compromise. Users in docker groups can mount host file systems into containers, accessing root-owned files. Privileged containers or those with dangerous capabilities enable direct escapes. Even unprivileged containers might escape through kernel vulnerabilities or misconfigurations. Understand container detection and escape techniques for modern environment assessments.
LXC/LXD container technologies present similar escape opportunities through different mechanisms. LXD group membership allows creating privileged containers and mounting host file systems. Security misconfigurations in container definitions enable capability additions or device access. Research container-specific escape techniques as containerization becomes increasingly common.
Kubernetes environments introduce additional privilege escalation vectors through service account tokens, pod security policies, and RBAC misconfigurations. While less common in OSCP scenarios, understanding container orchestration security prepares for modern infrastructure assessments. Cloud metadata services accessible from containers frequently contain credentials enabling lateral movement.
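As an added example (not code from the original guide), the script below performs two checks that a host or container review would run for the Docker, LXD and privileged-container risks described above: it lists members of groups that are equivalent to host root (docker, lxd, lxc) from /etc/group content, and it decodes the CapEff mask that /proc/self/status reports for the current process to show which escalation-relevant capabilities a container actually holds. The /etc/group content is constructed; capability bit numbers follow <linux/capability.h>, and the value 00000000a80425fb is Docker's default capability set for an unprivileged container.

```shell
# Added defensive audit example (not from the original guide). Inputs are
# constructed so the script runs anywhere; on a live host replace them as
# noted in the comments.

# 1) Group membership equivalent to root on the host.
#    Constructed /etc/group content; on a live host read /etc/group itself.
SAMPLE_GROUP='root:x:0:
docker:x:998:alice,bob
lxd:x:131:bob
sudo:x:27:alice'

# root_equivalent_members: print "group:user" for each member of a group that
# grants the ability to create privileged containers or mount the host root.
root_equivalent_members() {
  printf '%s\n' "$SAMPLE_GROUP" | awk -F: '
    $1 ~ /^(docker|lxd|lxc)$/ && $4 != "" {
      n = split($4, u, ",")
      for (i = 1; i <= n; i++) print $1 ":" u[i]
    }'
}

# 2) Effective capabilities of the current process (CapEff in
#    /proc/self/status). Docker's default set for an unprivileged container
#    is 00000000a80425fb; --privileged sets every bit.
CAP_DAC_READ_SEARCH=2   # read any file, bypassing permission checks
CAP_SYS_MODULE=16       # load kernel modules
CAP_SYS_PTRACE=19       # trace arbitrary processes
CAP_SYS_ADMIN=21        # mount and many other admin operations

# has_cap MASK BIT: succeed if bit BIT is set in the hexadecimal MASK.
has_cap() {
  [ "$(( (0x$1 >> $2) & 1 ))" -eq 1 ]
}

# risky_caps_in MASK: print the names of escalation-relevant caps in MASK.
risky_caps_in() {
  m=$1
  for pair in \
      "CAP_DAC_READ_SEARCH $CAP_DAC_READ_SEARCH" \
      "CAP_SYS_MODULE $CAP_SYS_MODULE" \
      "CAP_SYS_PTRACE $CAP_SYS_PTRACE" \
      "CAP_SYS_ADMIN $CAP_SYS_ADMIN"; do
    set -- $pair
    has_cap "$m" "$2" && echo "$1"
  done
  return 0
}

# current_capeff: CapEff mask of this process (empty when /proc is absent).
current_capeff() {
  awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null
}

# When run directly: report group findings and this process's risky caps.
root_equivalent_members
mask=$(current_capeff)
if [ -n "$mask" ]; then
  echo "CapEff=$mask risky: $(risky_caps_in "$mask" | tr '\n' ' ')"
fi
```

Inside a container, a CapEff of 0000003fffffffff or wider (every bit set) indicates a privileged container; any non-empty output from risky_caps_in on the Docker default mask would mean someone added capabilities beyond the default and the container definition should be reviewed.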