📋
A Journey From IT to IT Security
  • IT Training Resources
  • IT Security Roles
    • Web Application Security Specialist
      • Training Guide
      • Self-hosted Training Lab
        • Vulnerable Web Apps
      • Web Security testing Methodology
        • 1 Footprinting
        • 2 Scanning
        • 3 Enumeration
        • 4 Gaining Access
        • 5 Maintain Access
        • 6 Covering Tracks
        • 7 Vulnerability assessment
    • DevSecOps Engineer
      • Training Guide
      • Building a DevSecOps CD/CI Pipeline
        • Self-hosted DevOps CD/CI platforms
        • Software Component Analysis (SCA)
        • Static Application Security Testing (SAST)
        • Dynamic Application Security Testing (DAST)
        • System Hardening
        • System Compliance Analysis
        • Vulnerability Analysis
      • Ready-to-use and train DevSecOps CD/CI Pipeline
    • Chief Information Security Officer (CISO)
    • Digital Forensics Investigator
      • Forensics Methodology
    • Cloud Security Engineer
      • Getting started with kubernetes
  • Resources
    • IT Basics
      • Networking Basics Study Guide
      • RBAC / ABAC
      • Anonymous Surfing
      • Python Programming
      • Infrastructure as code
      • Containers
        • Docker
        • Docker security
      • The Security Development Lifecycle (SDL)
    • Literature
    • Useful Tool Tutorials
    • Useful Online Tools
    • Exploits
  • Unsorted
    • Gitlab-ci with docker-compose
Powered by GitBook
On this page
  • Attack vectors
  • Footprinting
  • Find out which host has a docker deamon running:
  • Find out if a container leaks information in the env config
  • Find out if memory had been allocated to a container
  • Attack docker
  • Defend docker
  1. Resources
  2. IT Basics
  3. Containers

Docker security

Attack vectors

Docker can be attacked on these vectors:

  1. OS and kernel attacks

  2. Network-based attacks

  3. Daemon-based attacks

  4. Image-based attacks

  5. Application-based attacks.

Footprinting

Find out which host has a docker deamon running:

ps aux | grep dockerd

then output the running containers (-a also exited containers)

$ docker ps

Find out if a container leaks information in the env config

AIf the container had been started with docker environment variables, these vars can leak information.

Example:

$ docker run -it --rm -e \ USERNAME=user -e PASSWORD=secretpassword ubuntu-nginx sh

If you have access to docker container, you can read all of its environment variables by typing the env command.

# env
HOSTNAME=4aa2989f5194
HOME=/root
PKG_RELEASE=1~buster
TERM=xterm
NGINX_VERSION=1.19.10
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NJS_VERSION=0.5.3
PWD=/
PASSWORD=secretpassword
#

Find out if memory had been allocated to a container

Verify if a particular container is suspectable for a Denial of service attack. If memory has been allocated, the container might be vulnerable to a DoS attack.

Example:

$ docker run --rm -it -m 100mb -d alpine sh

Show the memory allocation in the stats:

$ docker stats a3cba64a7c7884ca78f5c2a1c4b925fbe0534a233d51537ae44cb3a4b34b47d0
CONTAINER ID   NAME             CPU %     MEM USAGE / LIMIT   MEM %     NET I/O     BLOCK I/O     PIDS
a3cba64a7c78   focused_cannon   0.00%     532KiB / 100MiB     0.52%     796B / 0B   1.11MB / 0B   1

Attack docker

Defend docker

PreviousDockerNextThe Security Development Lifecycle (SDL)

Last updated 4 years ago

LogoLesson 4: Hacking Containers Like A Boss - Practical DevSecOpsPractical DevSecOps
LogoLesson 5: Hacking Containers Like A Boss - Part 2 - Practical DevSecOpsPractical DevSecOps
LogoLesson 6: Defending container Infrastructure - Practical DevSecOpsPractical DevSecOps