L-DOCKER-GROUPPrivilege Escalation

docker Group Membership → root

User in the docker group can `docker run -v /:/host` — chroot in for root on the host.

§ Where this technique fits

L-DOCKER-GROUP is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

docker group membership → host root via container escape
User is in the docker group. `docker run -v /:/host --privileged alpine chroot /host` gives them root on the host without sudo.
step 3 / 5

§ What commonly comes next

01
hostPath Volume Mount
K-HOSTPATH-MOUNT · Privilege Escalation
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

docker group membership → host root via container escape

§ What commonly comes next