A malicious user who gains access to the Docker API can launch a container and gain access to the host machine with root permissions.
- Run the following commands to make the Docker daemon listen on TCP port 4243 on all interfaces.
sed -i '/ExecStart/c\ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:4243' /lib/systemd/system/docker.service
systemctl daemon-reload
service docker restart
- Run an nmap scan on the VM to get the list of ports that are open.
nmap 127.0.0.1 -sV -p 4243
- To verify access to the Docker API, open
http://<SERVER-IP>:4243/version
and
http://<SERVER-IP>:4243/images/json
in the browser.
- Navigate to the directory containing the malicious script.
cd /root/labs/container_training/Container/Docker-Daemon-Configuration
- Create and activate the Python virtual environment, then run the script that launches a malicious container via the Docker API.
apt install -y virtualenv && export LC_ALL="en_US.UTF-8" && export LC_CTYPE="en_US.UTF-8"
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
python launch-malicious-docker.py
- In the browser, open the server IP and port.
http://<SERVER-IP>:6080/vnc.html
Right-click and open the terminal. The user has UI access to the host machine.
- Run
clean-docker
to stop all the containers and
deactivate
to exit from the virtual environment.
root@we45:~$ clean-docker
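
A defender's check for the configuration change made in the first step, as an added example that is not part of the original lab: the function below (hypothetical name audit_docker_unit) reads a systemd unit file and reports every tcp:// listener on an ExecStart line that is not paired with --tlsverify. The sample unit file is constructed, and systemd drop-in overrides and daemon.json are not inspected.

```shell
#!/bin/sh
# Added example (not from the lab). audit_docker_unit is a hypothetical helper name.
# Prints one finding per tcp:// listener that lacks --tlsverify on the same
# ExecStart line; returns 1 if any finding was printed, 0 otherwise.
audit_docker_unit() (
    set -f                                  # no glob expansion while splitting tokens
    status=0
    lines=$(grep -E '^[[:space:]]*ExecStart=' "$1") || return 0
    while IFS= read -r line; do
        case " $line " in
            *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
            *) tls=no ;;
        esac
        prev=
        for tok in $line; do
            host=
            case $tok in
                -H=*|--host=*) host=${tok#*=} ;;
                *) case $prev in -H|--host) host=$tok ;; esac ;;
            esac
            prev=$tok
            case $host in tcp://*) ;; *) continue ;; esac
            [ "$tls" = yes ] && continue
            case $host in
                tcp://127.*|tcp://localhost*|'tcp://[::1]'*) sev=WARN ;;
                *) sev=CRITICAL ;;          # reachable from other hosts
            esac
            echo "$sev $host no-tlsverify"
            status=1
        done
    done <<EOF
$lines
EOF
    return $status
)

# Constructed sample: the ExecStart line the lab's sed command writes.
sample=$(mktemp)
printf '[Service]\nExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:4243\n' > "$sample"
audit_docker_unit "$sample" || echo "unauthenticated Docker API listener found"
rm -f "$sample"
```

On the lab VM, point it at /lib/systemd/system/docker.service after the sed step to see the same finding.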