While assessing a cloud-hosted micro-services platform, you obtain a shell inside one of its Docker containers. The container was started with the --privileged flag and the host's /var/run/docker.sock is mounted inside the container. What is the most straightforward way to escalate to root on the underlying host?
Copy the container's /etc/shadow file and crack the root password offline to log in to the host via SSH.
Use the Docker client in the compromised container to start a new image with the host's root filesystem and namespaces mounted, then chroot into it for a host-level root shell.
Exploit a known Linux kernel privilege-escalation flaw such as Dirty COW from inside the container.
Perform ARP spoofing on the Docker bridge network to hijack traffic from other containers and pivot to the host.
Because the Docker daemon listens on /var/run/docker.sock with root privileges, anyone who can issue Docker CLI commands through that Unix socket can instruct the daemon to start new containers with arbitrary parameters on the host. By launching another container that mounts the host's root filesystem (for example, docker run -v /:/host --net host --pid host ubuntu chroot /host /bin/bash), you immediately obtain a root shell outside the original container. Exploiting a kernel bug such as Dirty COW may work, but it is unnecessary and less reliable when full daemon control is already available. Copying the container's /etc/shadow only helps against passwords inside the container, not the host. ARP spoofing the container bridge compromises network traffic, not host-level privilege.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the --privileged flag do when starting a Docker container?
Open an interactive chat with Bash
What is the significance of /var/run/docker.sock in Docker security?
Open an interactive chat with Bash
What does chroot do and why is it used for privilege escalation in this scenario?
Open an interactive chat with Bash
What does the --privileged flag do in a Docker container?
Open an interactive chat with Bash
What is /var/run/docker.sock, and why is it critical in this context?
Open an interactive chat with Bash
What does chroot do, and how does it contribute to privilege escalation in this scenario?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cloud Computing
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .