[BlackHat tool] BOtB: A container analysis and exploitation tool

Break out the Box (BOtB)

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies.

What does it do?

BOtB is a CLI tool which allows you to:

  • Exploit common container vulnerabilities
  • Perform common container post-exploitation actions
  • Provide capability when certain tools or binaries are not available in the Container
  • Use BOtB’s capabilities with CI/CD technologies to test container deployments
  • Perform the above in either a manual or an automated approach

Current Capabilities

  • Find and Identify UNIX Domain Sockets
  • Identify UNIX domain sockets which support HTTP
  • Find and identify the Docker Daemon on UNIX domain sockets or on an interface
  • Analyze and identify sensitive strings in ENV and process in the ProcFS i.e /Proc/{pid}/Environ
  • Identify metadata services endpoints i.e
  • Perform a container breakout via exposed Docker daemons
  • Perform a container breakout via CVE-2019-5736
  • Hijack host binaries with a custom payload
  • Perform actions in CI/CD mode and only return exit codes > 0
  • Scrape metadata info from GCP metadata endpoints
  • Push data to an S3 bucket
  • Break out of Privileged Containers
  • Force BOtB to always return a Exit Code of 0 (useful for non-blocking CI/CD)



Copyright (C) 2019 brompwnie

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services