To start we'll launch a container running Elasticsearch 1.4.2 which we'll later exploit.
Launch the container
docker run -d -p 9200:9200 --name es benhall/elasticsearch:1.4.2
By default Docker drops certain Linux capabilities and blocks syscalls to add a default level of security. As a result, the attacker is isolated and the host protect from different attack angles a hacker might use.