Try   HackMD
tags: docker

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Pentesting Lab using docker

by leonuz

0. whats its docker

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

0.1. Instaling Docker

Just Begin whit the networking of dockers

1. List available networks

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
f9b24ce95506   bridge    bridge    local
51d655520585   host      host      local
d8713935ea94   none      null      local

2. View the most relevant information of the "bridge" network

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "f9b24ce955067fa526360e91951674d9cc16de73917d079470587272c6f0127c",
        "Created": "2022-08-01T17:13:17.266757822-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

3. Install kali image

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker pull kalilinux/kali-rolling
Using default tag: latest
latest: Pulling from kalilinux/kali-rolling
c44a5498bf98: Pull complete
Digest: sha256:f2ed86a0504055c6920915decc2be75cc3ecc836b255bb0a34263a7e39cfb24f
Status: Downloaded newer image for kalilinux/kali-rolling:latest
docker.io/kalilinux/kali-rolling:latest

4. Create a container based on the kali image and access it.

NOTE: To identify the containers, we give a name to each one of them during the execution, in this case we will call it "Container_Kali":

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker run -ti --name Container_Kali kalilinux/kali-rolling /bin/bash
┌──(root㉿ba54ccb86aeb)-[/]
└─# uname -a
Linux ba54ccb86aeb 5.18.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.18.5-1kali6 (2022-07-07) x86_64 GNU/Linux

5. Upgrade kali

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$sudo apt update && apt dist-upgrade
┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$sudo apt autoremove & apt clean

6. Installing packages to Kali

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$apt install kali-tools-top10 #Install the top 10 kali apps
......
.....
REDACTED
.....
......
Setting up burpsuite (2022.7.1-0kali1) ...
Setting up hydra (9.3-3+b1) ...
Setting up kali-tools-top10 (2022.3.10) ...
Processing triggers for ca-certificates (20211016) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Processing triggers for libc-bin (2.33-8) ...
Processing triggers for libgdk-pixbuf-2.0-0:amd64 (2.42.8+dfsg-2) ...
Processing triggers for ca-certificates-java (20220719) ...
done.

NOTE: To install more packages and binaries here

7. List containers

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker container ls -a
CONTAINER ID   IMAGE                    COMMAND       CREATED          STATUS                       PORTS     NAMES
ba54ccb86aeb   kalilinux/kali-rolling   "/bin/bash"   14 minutes ago   Exited (127) 5 seconds ago             Container_Kali

8. Start the container (using the name)

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker start Container_Kali
Container_Kali

9. Enter the container

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker exec -it Container_Kali /bin/bash
┌──(root㉿ba54ccb86aeb)-[/]
└─#

10. Save the updated and customized image

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker commit Container_Kali imagen-kali
sha256:b5bb0ecd3c673411638e8c7588b455ef7a914ec73de7e4d3d60d259987eb97f8

10.1. You can save the image to export it and use it again in another station with docker, using the following command

┌──(leonuz㉿sniperhack)-[~/DOCKER-IMG] # let's first go to where we want the image to be stored
└─$ docker save -o kali-top10.tar imagen-kali
┌──(leonuz㉿sniperhack)-[~/DOCKER-IMG]
└─$ ls -la
total 3552068
drwxr-xr-x  2 leonuz leonuz       4096 Aug  1 18:13 .
drwxr-xr-x 50 leonuz leonuz       4096 Aug  1 18:12 ..
-rw-------  1 leonuz leonuz 3637301760 Aug  1 18:13 kali-top10.tar

10.2 To load the image saved on disk, we use the following:

┌──(leonuz㉿sniperhack)-[~/DOCKER-IMG]
└─$ docker load -i  kali-top10.tar
Loaded image: imagen-kali:latest

11. Run the container (with all updates and applications installed)

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker run -ti imagen-kali /bin/bash

12. Install images of vulnerable machines

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker pull bkimminich/juice-shop
Using default tag: latest
latest: Pulling from bkimminich/juice-shop
Digest: sha256:35fce029db378b200a92dbdb1587100d562458637fc776ff85e713e0ef793000
Status: Image is up to date for bkimminich/juice-shop:latest
docker.io/bkimminich/juice-shop:latest

12.1. Leave in background running the Container_Juice_Shop:

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker run -d -p 3000:3000 --name Container_Juice_Shop bkimminich/juice-shop
09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5

12.2. Install the other vulnerable image (Security-Ninja):

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker pull opendns/security-ninjas
Using default tag: latest
latest: Pulling from opendns/security-ninjas
Image docker.io/opendns/security-ninjas:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
e190868d63f8: Pull complete
909cd34c6fd7: Pull complete
0b9bfabab7c1: Pull complete
a3ed95caeb02: Pull complete
f0df993c3aef: Pull complete
09358b20e8bc: Pull complete
5b0e1b98c45e: Pull complete
9c00e77d73a9: Pull complete
fe8e16791cf6: Pull complete
ac8b0ffa2b98: Pull complete
94051df6e066: Pull complete
Digest: sha256:aae15b7ca2827f1d4fcc5b38a238e8a207f1ebc1bd5eef921cef97f5f6262994
Status: Downloaded newer image for opendns/security-ninjas:latest
docker.io/opendns/security-ninjas:latest

12.3. Leave in background running the Container_Security_Ninjas:

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker run -d -p 8899:80 --name Container_Security_Ninjas opendns/security-ninjas
f93fa3070c578e41153e064e3f9479cd94ab4ba9b92e0674b87e9765f1e9b0e7

13. To see the IP address of a container, we can view it from Docker with the command "docker inspect" and the container name

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker inspect Container_Juice_Shop
[
    {
        "Id": "09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5",
        "Created": "2022-08-02T00:34:41.972916867Z",
        "Path": "/nodejs/bin/node",
        "Args": [
            "/juice-shop/build/app.js"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 20254,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-08-02T00:34:42.270421195Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:0df4899ababb02713f97f72bcc4d514fac0badae3190f4bb231d30628fd0a9a9",
        "ResolvConfPath": "/var/lib/docker/containers/09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5/hostname",
        "HostsPath": "/var/lib/docker/containers/09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5/hosts",
        "LogPath": "/var/lib/docker/containers/09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5/09c91a7efcaab6b973dda8c56015bf34c121fe2ad2b6132e37e1a2b109240db5-json.log",
        "Name": "/Container_Juice_Shop",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "3000/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "3000"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "private",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": null,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/0de7ef0f2b227660610eba873bfca7c1f338845c50dd12c25850c1eb0063f844-init/diff:/var/lib/docker/overlay2/76f2ed7fc1b5dd5da8f8c9a870387bfb514f95ba2309b7b212cac678cdba70aa/diff:/var/lib/docker/overlay2/e8eedff361cc53e25c4dcadf12a0153a637c53efcc29c7343e940d000c8565f6/diff:/var/lib/docker/overlay2/44c2c153ca59bc425c35aed5f821b0f2f48c05a051fca05e29a99f4cb5628091/diff:/var/lib/docker/overlay2/3722edb6374c5b9b4c17dbdae97c2d8e83a320d98eb82686c29bc7763f66b9ad/diff:/var/lib/docker/overlay2/3abdfdf1a7a613cbf79d54a5531e90a764f411ec98db02783dcb43de7ef51714/diff:/var/lib/docker/overlay2/712f15ff03b276935de9e4254e0c446df539b58549eedd67e0d444e77c1feb0b/diff",
                "MergedDir": "/var/lib/docker/overlay2/0de7ef0f2b227660610eba873bfca7c1f338845c50dd12c25850c1eb0063f844/merged",
                "UpperDir": "/var/lib/docker/overlay2/0de7ef0f2b227660610eba873bfca7c1f338845c50dd12c25850c1eb0063f844/diff",
                "WorkDir": "/var/lib/docker/overlay2/0de7ef0f2b227660610eba873bfca7c1f338845c50dd12c25850c1eb0063f844/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "09c91a7efcaa",
            "Domainname": "",
            "User": "65532",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "3000/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"
            ],
            "Cmd": [
                "/juice-shop/build/app.js"
            ],
            "Image": "bkimminich/juice-shop",
            "Volumes": null,
            "WorkingDir": "/juice-shop",
            "Entrypoint": [
                "/nodejs/bin/node"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "Bjoern Kimminich <bjoern.kimminich@owasp.org>",
                "org.opencontainers.image.authors": "Bjoern Kimminich <bjoern.kimminich@owasp.org>",
                "org.opencontainers.image.created": "”2022-07-04T15:18:30Z”",
                "org.opencontainers.image.description": "Probably the most modern and sophisticated insecure web application",
                "org.opencontainers.image.documentation": "https://help.owasp-juice.shop",
                "org.opencontainers.image.licenses": "MIT",
                "org.opencontainers.image.revision": "2ed18c9",
                "org.opencontainers.image.source": "https://github.com/juice-shop/juice-shop",
                "org.opencontainers.image.title": "OWASP Juice Shop",
                "org.opencontainers.image.url": "https://owasp-juice.shop",
                "org.opencontainers.image.vendor": "Open Web Application Security Project",
                "org.opencontainers.image.version": "14.1.1"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "1211398d0e279d63c31e8c8484494ded8067efd8de3408934764d59faf15f2bd",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "3000/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "3000"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "3000"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/1211398d0e27",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "c990c4b40e1a42c7d3df47087ae16800d9305102b12f73f8d7ab6b44aa671dae",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "f9b24ce955067fa526360e91951674d9cc16de73917d079470587272c6f0127c",
                    "EndpointID": "c990c4b40e1a42c7d3df47087ae16800d9305102b12f73f8d7ab6b44aa671dae",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

14. by filtering the response to the above command we can search according to what we need. e.g. dir IP

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' Container_Juice_Shop
172.17.0.3

15. if we want to start over and delete all images and containers, use the following commands

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker container stop $(docker container ls -a -q)
┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$docker system prune -a

16. With this information we can now begin to find and exploit vulnerabilities.

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS                                       NAMES
f93fa3070c57   opendns/security-ninjas   "/bin/sh -c '/usr/sb…"   8 minutes ago    Up 8 minutes    0.0.0.0:8899->80/tcp, :::8899->80/tcp       Container_Security_Ninjas
09c91a7efcaa   bkimminich/juice-shop     "/nodejs/bin/node /j…"   34 minutes ago   Up 34 minutes   0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   Container_Juice_Shop
ba54ccb86aeb   kalilinux/kali-rolling    "/bin/bash"              4 hours ago      Up 4 hours                                                  Container_Kali

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' Container_Kali
172.17.0.2

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' Container_Juice_Shop
172.17.0.3

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' Container_Security_Ninjas
172.17.0.4

┌──(leonuz㉿sniperhack)-[~/Pentest-Lab]
└─$ ip a #OUTPUT REDACTED 
1: lo: <LOOPBACK,UP,LOWER_UP> 
    inet 127.0.0.1/8 scope host lo
      
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> 
    inet 192.168.27.154/24 brd 192.168.27.255 
       
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> 
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       
7: vetheb3c3c4@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> 

39: vethbc1a24d@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> 

41: veth892cd45@if40: <BROADCAST,MULTICAST,UP,LOWER_UP>

Network Diagram

DockerCheatsheet

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
More Info:

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Docker Forensic:

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
leonuz

Last changed by 
leonuz
https://leonuz.github.io
0
1674

Read more

TriTriTri

Writeup by leonuz challenge.txt xrnodijiptyoyticfxyipsaghffboyciefzjkfslxqhvnkvbjc+hvaobboxzultwvavkwmcdmxrsrvb+jkhzbcoi+pezwbty+epyiiqsk+cmvx+dvzlerbrmvh En primer lugar, utilizamos el descifrador de cifrado Trifid. Si no est&#xE1;s familiarizado con este cifrado, basta con que busques en Google el nombre del reto junto con la palabra &quot;cipher&quot;. Bas&#xE1;ndonos en la descripci&#xF3;n del reto, fijamos el tama&#xF1;o del grupo en 3.

Dec 10, 2022
[MemLabs 01](https://github.com/leonuz/MemLabs/tree/master/Lab%201)

by leonuz Beginner&apos;s Luck Challenge Description My sister&#x2019;s computer crashed. We were very fortunate to recover this memory dump. Your job is get all her important files from the system. From what we remember, we suddenly saw a black window pop up with some thing being executed. When the crash happened, she was trying to draw something. Thats all we remember from the time of crash. Note: This challenge is composed of 3 flags. Challenge file: MemLabs_Lab1 We start for identify the operating system, for that we use imageinfo plugin.

Oct 26, 2022
GIT Workflow # 1

Complete Workflow for check out a branch and pull changes from master Pull all remote branches git pull --all List all branches now git branch -a Download your branch git checkout -b &lt;feature branch name copied from list of branches above&gt;

Aug 2, 2022
[MemLabs 04](https://github.com/leonuz/MemLabs/tree/master/Lab%204)

by leonuz Obsession Challenge Description My system was recently compromised. The Hacker stole a lot of information but he also deleted a very important file of mine. I have no idea on how to recover it. The only evidence we have, at this point of time is this memory dump. Please help me. Note: This challenge is composed of only 1 flag. The flag format for this lab is: inctf{s0me_l33t_Str1ng}

Aug 2, 2022
Read more from leonuz
Published on HackMD