Docker Image Analysis
A Docker image is a file that is used to create a container. It contains applications/binaries and files that define the function and behavior of the corresponding containers. Docker images are built using instructions in a plain-text file known as a Dockerfile.
This category covers the analysis of Docker image layers and how to recover overwritten artifacts from Docker images.
What will you learn?
Extracting Docker image layers
Recovering overwritten artifacts
Finding secrets in Docker images and using them against live servers
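The defensive counterpart of these three skills, as an added example that is not part of this course material: a Python audit that walks a `docker save` tarball layer by layer, reports files that a later layer deleted (via a `.wh.` whiteout marker) or overwrote but that remain fully recoverable from the earlier layer, and flags secret-looking content so such leaks are caught before an image is pushed. It assumes the classic `docker save` layout (a `manifest.json` listing uncompressed `layer.tar` members base-first) and uses a constructed two-layer sample image; `SECRET_MARKERS` is an assumed, deliberately minimal pattern list.

```python
import io
import json
import tarfile

# Byte patterns that mark leaked credentials; extend for your environment.
SECRET_MARKERS = (b"PRIVATE KEY", b"password=", b"AWS_SECRET_ACCESS_KEY")

def _tar_bytes(entries):
    """Build an in-memory tar from {path: bytes}; used only to construct the sample image."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in entries.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_image(image_tar):
    """Walk a `docker save` tarball's layers base-first and return (kind, path, layer) findings.
    A file deleted (whiteout `.wh.<name>`) or overwritten later is still intact in its layer."""
    findings = []
    added_in = {}  # path -> index of the layer that first added it
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as img:
        manifest = json.load(img.extractfile("manifest.json"))
        for idx, layer_name in enumerate(manifest[0]["Layers"]):
            with tarfile.open(fileobj=io.BytesIO(img.extractfile(layer_name).read())) as layer:
                for m in layer.getmembers():
                    parent, _, name = m.name.rpartition("/")
                    if name.startswith(".wh."):  # whiteout: hides name[4:] in the merged view
                        target = f"{parent}/{name[4:]}" if parent else name[4:]
                        if target in added_in:
                            findings.append(("deleted-but-recoverable", target, added_in[target]))
                        continue
                    if m.name in added_in:
                        findings.append(("overwritten-but-recoverable", m.name, added_in[m.name]))
                    else:
                        added_in[m.name] = idx
                    if m.isfile():
                        data = layer.extractfile(m).read()
                        if any(marker in data for marker in SECRET_MARKERS):
                            findings.append(("secret-content", m.name, idx))
    return findings

# Constructed two-layer sample: layer 0 bakes in an SSH key, layer 1 "removes" it with a whiteout.
LAYER0 = _tar_bytes({"app/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\n", "app/config.ini": b"debug=1\n"})
LAYER1 = _tar_bytes({"app/.wh.id_rsa": b"", "app/config.ini": b"debug=0\n"})
SAMPLE_IMAGE = _tar_bytes({
    "manifest.json": json.dumps([{"Layers": ["l0/layer.tar", "l1/layer.tar"]}]).encode(),
    "l0/layer.tar": LAYER0, "l1/layer.tar": LAYER1,
})
```

Running `audit_image` on a real image means passing the bytes of `docker save <image> -o image.tar`; the key deleted in layer 1 is still reported with the layer index it can be extracted from.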
References:
Docker Image vulnerability scanning (https://coreos.com/clair/docs/latest/)
Docker Image Scanning (https://sysdig.com/blog/docker-image-scanning/)
Labs:
In this lab, you will learn to leverage the Docker image of a deployed container to steal secrets from the deployed container. A non-exhaustive list of activities to be covered includes:
Interact with the registry and list the images/tags it holds using curl
Fetch the web server image using curl and extract the image layers using tar
Use the information revealed in the previous steps to steal information from the running web server container
In this lab, you will learn to leverage the Docker image of a deployed container to retrieve private keys and then login into the deployed container. A non-exhaustive list of activities to be covered includes:
Interact with the registry and list the images/tags it holds using curl
Fetch the SSH image using curl and extract the image layers using tar
Look for the private key configured for SSH
Use this private key to SSH into the running container and steal information from it
In this lab, you will learn to leverage the credentials embedded in a Dockerfile that is hosted on an open Git repository to steal secrets from the deployed container. A non-exhaustive list of activities to be covered includes:
Inspect the source files hosted in the public GitLab repository
Locate the hardcoded credentials for the FTP service
Use these credentials to steal information from the running FTP container
In this lab, you will learn to identify a misconfiguration from the publicly hosted source code of a deployed container and use this misconfiguration to steal secrets from the deployed container. A non-exhaustive list of activities to be covered includes:
Inspect the source files hosted in the public GitLab repository
Locate the misconfiguration in the web server configuration
Use this knowledge to steal information from the running web server container