## https://sploitus.com/exploit?id=06B62388-F2E7-59FD-9988-85BCD92D61EC
# ๐ docker-shell
A lightweight, dependency-free bash script that gives you an **emulated interactive shell** inside a Docker container โ using nothing but `curl`, `dd`, `od`, and `awk`. No Python, no `jq`, no editor required.
Built for environments where you only have raw shell access and need to exec commands inside a Docker container via the **Docker Engine API**.
---
## ๐ง How It Works
Instead of using the Docker CLI, this script talks directly to the **Docker Engine REST API** over HTTP (typically exposed at `http://192.168.65.7:2375` in Docker Desktop / WSL2 environments).
It:
1. Creates and starts an Alpine Linux container with your Windows `C:\` drive mounted
2. For each command you type, it creates an exec instance via the API
3. Parses Docker's **multiplexed binary stream** output using pure `dd` + `od` โ no Python needed
4. Prints the result back to your terminal like a real shell
### Docker Multiplexed Stream
Docker wraps all exec output in a binary framing format:
```
[1 byte: stream type] [3 bytes: padding] [4 bytes: payload size (big-endian)] [payload...]
```
This script decodes that frame-by-frame using only standard Unix tools.
---
## โ๏ธ Requirements
- `bash`
- `curl`
- `dd`, `od`, `awk`, `grep`, `cut` โ all standard Unix tools
- Docker Engine API accessible at `http://192.168.65.7:2375` (Docker Desktop on WSL2)
No `jq`, no Python, no nano, no editor.
---
## ๐ Installation
```bash
git clone https://github.com/yourusername/docker-shell.git
cd docker-shell
chmod +x docker_shell.sh
bash docker_shell.sh
```
---
## ๐ป Usage
```
================================================
Docker Emulated Shell [target: alpine_escape]
Commands: start | status | run | exit
================================================
docker> start
docker> status
docker> run ls /mnt
docker> run ls /mnt/Users
docker> run cat /etc/os-release
docker> run id
docker> exit
```
### Commands
| Command | Description |
|---|---|
| `start` | Creates (if needed) and starts the `alpine_escape` container |
| `status` | Shows the container ID and current state |
| `run ` | Executes any shell command inside the container |
| `exit` / `quit` | Exits the emulated shell |
---
## ๐๏ธ Mount Layout
The container mounts your Windows `C:\` drive (via WSL2) at `/mnt`:
| Windows Path | Inside Container |
|---|---|
| `C:\` | `/mnt` |
| `C:\Users` | `/mnt/Users` |
| `C:\Program Files` | `/mnt/Program Files` |
| `C:\Windows\System32` | `/mnt/Windows/System32` |
---
## โ ๏ธ Notes
- Each `run` is a **separate exec instance** โ state does not persist between commands. Use `run cd /some/dir && ls` to chain commands in one call.
- The script targets the container by **name** (`alpine_escape`), not by ID, so it won't accidentally exec into the wrong container.
- Output is parsed directly from the binary file `/tmp/docker_out.bin` using `dd` frame-by-frame.
---
## ๐ง Configuration
Edit these variables at the top of the script to match your environment:
```bash
DOCKER="http://192.168.65.7:2375" # Docker Engine API address
CONTAINER="alpine_escape" # Container name
```
---
## ๐ License
AGPLv3