
Reports `Inside Container ........ No` inside of LXD container (Proxmox 8)

Open coolaj86 opened this issue 10 months ago • 1 comments

Is this only for Docker at this time? Or is vanilla LXD supported too? If so, any idea why it would think it's not in a container when it is?

cat /etc/issue
Ubuntu 24.04 LTS \n \l

uname -a
Linux deepce-example-1 6.8.12-8-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-8 (2025-01-24T12:32Z) x86_64 x86_64 x86_64 GNU/Linux
curl -sL https://github.com/stealthcopter/deepce/raw/main/deepce.sh -o ./deepce.sh
chmod a+x ./deepce.sh
./deepce.sh
                      ##         .
                ## ## ##        ==
             ## ## ## ##       ===
         /"""""""""""""""""\___/ ===
    ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
         \______ X           __/
           \    \         __/
            \____\_______/
          __
     ____/ /__  ___  ____  ________
    / __  / _ \/ _ \/ __ \/ ___/ _ \   ENUMERATE
   / /_/ /  __/  __/ /_/ / (__/  __/  ESCALATE
   \__,_/\___/\___/ .___/\___/\___/  ESCAPE
                 /_/

 Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)
 by stealthcopter

==========================================( Colors )==========================================
[+] Exploit Test ............ Exploitable - Check this out
[+] Basic Test .............. Positive Result
[+] Another Test ............ Error running check
[+] Negative Test ........... No
[+] Multi line test ......... Yes
Command output
spanning multiple lines

Tips will look like this and often contains links with additional info. You can usually
ctrl+click links in modern terminal to open in a browser window
See https://stealthcopter.github.io/deepce

===================================( Enumerating Platform )===================================
[+] Inside Container ........ No
[+] User .................... app
[+] Groups .................. app sudo users
[+] Sudo .................... Matching Defaults entries for app on deepce-example-1:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User app may run the following commands on deepce-example-1:
    (ALL : ALL) ALL
    (ALL : ALL) NOPASSWD: ALL
Passwordless Sudo
[+] Container tools ......... None
[+] Docker Executable ....... Not Found
[+] Docker Sock ............. Not Found
[+] Docker Version .......... Version Unknown
==================================( Enumerating Containers )==================================
==============================================================================================

coolaj86, Mar 04 '25 20:03

Poking around in the script, I found where inContainer is set, and I looked up some other detection suggestions as well.

Here's what I get:

cat /proc/1/cgroup
0::/init.scope

cat /proc/self/cgroup
0::/user.slice/user-1000.slice/session-17795.scope

cat /proc/self/mountinfo | grep lxc
2474 2461 0:43 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime shared:859 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2475 2461 0:43 /proc/diskstats /proc/diskstats rw,nosuid,nodev,relatime shared:860 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2476 2461 0:43 /proc/loadavg /proc/loadavg rw,nosuid,nodev,relatime shared:861 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2477 2461 0:43 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime shared:862 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2478 2461 0:43 /proc/slabinfo /proc/slabinfo rw,nosuid,nodev,relatime shared:863 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2479 2461 0:43 /proc/stat /proc/stat rw,nosuid,nodev,relatime shared:864 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2480 2461 0:43 /proc/swaps /proc/swaps rw,nosuid,nodev,relatime shared:865 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2481 2461 0:43 /proc/uptime /proc/uptime rw,nosuid,nodev,relatime shared:866 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2482 2466 0:43 /sys/devices/system/cpu /sys/devices/system/cpu rw,nosuid,nodev,relatime shared:874 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2744 2463 0:158 /.lxc-boot-id /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec,relatime shared:839 - tmpfs none rw,size=492k,mode=755,uid=100000,gid=100000,inode64

The host also has

cat /proc/self/mountinfo | grep lxc
224 29 0:43 / /var/lib/lxcfs rw,nosuid,nodev,relatime shared:81 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other

coolaj86, Mar 04 '25 20:03
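The outputs in the comment above show that the cgroup paths carry no runtime name, while the mountinfo lines do separate container from host. This is an added example, not deepce's code and not part of the original thread. It assumes that lxcfs mounted over `/proc` or `/sys` entries, or a mount rooted at `/.lxc-boot-id`, marks the in-container view. The function names are hypothetical, and the cgroup name match is an assumed common heuristic rather than anything taken from deepce.

```sh
#!/bin/sh
# Added example, not deepce code. Reads mountinfo on stdin, prints "lxc" or "none".
classify_mountinfo() {
    awk '
    {
        root = $4; mnt = $5; fstype = ""
        # Optional fields end at a lone "-"; the filesystem type follows it.
        for (i = 7; i < NF; i++) if ($i == "-") { fstype = $(i + 1); break }
        # lxcfs mounted over /proc or /sys entries is the in-container view;
        # the host line in the comment mounts lxcfs at /var/lib/lxcfs instead.
        if (fstype == "fuse.lxcfs" && mnt ~ /^\/(proc|sys)\//) hit = 1
        # boot_id is backed by a file named /.lxc-boot-id in the container.
        if (root == "/.lxc-boot-id") hit = 1
    }
    END { print (hit ? "lxc" : "none") }'
}

# Name-based cgroup check (hypothetical, a common heuristic): prints "yes" or "no".
cgroup_names_runtime() {
    if grep -Eq 'docker|lxc|kubepods'; then echo yes; else echo no; fi
}

# Sample inputs copied from the comment above (two of the container lines).
sample_container_mountinfo() {
    cat <<'EOF'
2474 2461 0:43 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime shared:859 master:52 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
2744 2463 0:158 /.lxc-boot-id /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec,relatime shared:839 - tmpfs none rw,size=492k,mode=755,uid=100000,gid=100000,inode64
EOF
}
sample_host_mountinfo() {
    cat <<'EOF'
224 29 0:43 / /var/lib/lxcfs rw,nosuid,nodev,relatime shared:81 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
EOF
}

echo "container mountinfo:  $(sample_container_mountinfo | classify_mountinfo)"
echo "host mountinfo:       $(sample_host_mountinfo | classify_mountinfo)"
echo "cgroup names runtime: $(printf '0::/init.scope\n' | cgroup_names_runtime)"
```

On a live system the same function can be fed with `classify_mountinfo < /proc/self/mountinfo`.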