module
Docker Image Persistence
| Disclosed | Created |
|---|---|
| Mar 20, 2013 | Sep 17, 2025 |
Disclosed
Mar 20, 2013
Created
Sep 17, 2025
Description
This module maintains persistence on a host by creating a docker image which runs our
payload, and has access to the host's file system (/host in the container). Whenever the
container restarts, the payload will run, or when the payload dies the executable
will run again after a delay. This will allow for writing back
into the host through cron entries, ssh keys, or other method.
Verified on Ubuntu 22.04.
payload, and has access to the host's file system (/host in the container). Whenever the
container restarts, the payload will run, or when the payload dies the executable
will run again after a delay. This will allow for writing back
into the host through cron entries, ssh keys, or other method.
Verified on Ubuntu 22.04.
Author
h00die
Platform
Linux
Architectures
x86, x64, armle, aarch64, ppc, mipsle, mipsbe
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.