Linux Linux Namespaces: Attaching to Running Namespaces with nsenter

[dEEpEst]

Linux Namespaces: Attaching to Running Namespaces with nsenter

Welcome back, Hack Tools Dark Community!

We've learned how to create isolated containers manually using namespaces. Now, let's explore how to attach to a running namespace using the powerful tool: nsenter.

• ⏺ What is nsenter?:
  nsenter allows you to enter existing namespaces of a running process. This is extremely useful for debugging, monitoring, or interacting with isolated environments.
• ⏺ How to Install nsenter:
  Usually, nsenter comes with the util-linux package:
  
  

  sudo apt update
  sudo apt install util-linux

• ⏺ Basic Usage:
  
  First, find the PID of the process whose namespace you want to join:
  
  

  ps aux | grep target_process

  
  Suppose the PID is 12345.
  
  Now, to enter its mount namespace:
  
  

  sudo nsenter --target 12345 --mount /bin/bash

  
  To enter multiple namespaces at once (e.g., PID, network, IPC, mount):
  
  

  sudo nsenter --target 12345 --pid --net --ipc --mount /bin/bash

• ⏺ Real-World Tip: Attach to a Docker Container Without docker exec:
  
  Find the container's init process:
  
  

  docker inspect --format '{{.State.Pid}}' container_name

  
  And enter:
  
  

  sudo nsenter --target PID --pid --net --ipc --mount /bin/bash

  
  No need for Docker commands — perfect for restricted environments or forensics!
• ⏺ Bonus: List Namespaces of a Process:
  
  You can check the namespaces a process belongs to:
  
  

  ls -l /proc/12345/ns/

  
  Each symlink points to a namespace inode.

---

Disclaimer:
This post is intended for educational purposes only. Unauthorized access to namespaces or system processes may violate policies or laws. Always act responsibly.

Have you used nsenter in your Red Team or Blue Team projects? Share your experiences below! Let's discuss!