For an ethical hacking class that I will be teaching in the near future, I wanted to identify a way to provide students with a Kali Linux VM with Docker images that they could use to learn from. In the past, I would require the students to run at least 2 virtual machines to accomplish the tasks. Resource constraints were sometimes an issue.
I believe Docker running on a Kali Linux VM will work for what I need. Here is a link to a site that you could use to walk through setting up Docker on Kali 2.x.
Link to site.
Here are some commands to get docker up and running:
#> service docker start
This starts the Docker daemon, which runs in the background on the Kali VM.
#> docker search ubuntu
This command searches Docker Hub for any containers matching the word ubuntu (internet access from the Kali VM is required). As you can see in the screenshot below, the results show the name of the container, a brief description, the public rating of the container based on the number of stars, and whether it is an official release from a trusted vendor.
#> docker pull <name of the container>
In the below screenshot, I am pulling down a container called raesene/bwapp. This was after I searched for bwa or "Broken Web Apps", a project created by OWASP. Notice that this package is not an official release and is contributed by a member of the community; it could be an unsafe Docker container and contain malware. Below you can see Docker pulling, downloading and extracting the container from Docker Hub.
#> docker images
In the below screenshot, the command shows the images that I currently have. The creation date is when the container was created on Docker Hub or when you created it; for example, host1 was created by me 14 hours ago. Warning: It is very easy to download containers and run out of disk space on the VM that you are using.
#> docker run -it ubuntu bash
In the below screenshot, the command was issued to run the ubuntu container in interactive mode. The last item in the command is bash, which tells Docker to run the command bash in the container. You are dropped into a bash shell where you can list the files in the container, etc. Notice that the ifconfig command is not found. As with a new install of Ubuntu, you can install net-tools to then be able to run ifconfig to return interface information.
To install net-tools in the running Ubuntu container, first execute apt-get update to update the repositories.
Then, to install net-tools, you can run apt-get install net-tools.
As observed above, after installing net-tools the ifconfig command will return the interface information of the Docker container. Warning: If you type the command 'exit' you will return to the state of the container prior to installing net-tools. Nothing is saved at this point in time.
Container #> Ctrl <p> Ctrl <q>
If you would like to save the state of the container you are working in, run the above command and it will drop you out to the docker host or the Kali VM while leaving the docker container running.
#> docker ps
The below screenshot demonstrates the execution of Ctrl <p> Ctrl <q> to jump out of a docker container, then the execution of 'docker ps' shows the container still running, the image used, the command being executed, when it was created, the uptime or status, if any network ports are mapped, and a nickname of the container assigned by docker.
#> docker attach <container ID>
#> docker attach <Names or Nickname>
You can reattach to the docker container by issuing the container ID as shown in the above screenshot or by the nickname provided by docker.
#> docker commit <container ID> <New Image Name>
After interacting with the ubuntu container, installing net-tools, and jumping out of the container while it is running, I now want to save the state the image is in, so I can commit the changes to a new image name. As you can see in the image below, I committed the running instance of the ubuntu image by calling it by the nickname, then saving it as ubuntu-w-nettools. Then when you run docker images, you can see the new image available that can be run as a container.
#> docker network create --driver=bridge network1 --subnet=172.31.0.0/24
By default from what I have read docker creates a default bridged network of 172.17.0.0/16. Wow, huge... You can create additional networks that bridge the host VM's NIC. The above command creates a network, that is bridged, with a nickname of network1, and assigns it the subnet 172.31.0.0/24. Warning: Bridging across the interface may allow the container to access the internet.
#> docker network ls
#> docker network inspect network1
In the below screenshot it shows the network1 that I created above, by running 'docker network ls'. To inspect or to get additional details about the networks I can inspect them individually. The example below shows me the details of the network1 that I created, mainly the subnet and the driver used. My thought here was I can control whether a container is in the DMZ or other subnet for organization.
#> docker run -tid --network=network1 --ip=172.31.0.7 ubuntu-w-nettools bash
The above command creates an interactive container and, with -d, places it in the background; assigns the container to network1, the 172.31.0.0/24 subnet; gives it the IP address 172.31.0.7; uses the image that we created with net-tools installed; and runs the command bash. As you can see in the below screenshot, the IP address returned by ifconfig is the one assigned.
#> docker run -d --network=network1 --ip=172.31.0.8 raesene/bwapp
Notice in the above docker container for OWASP Broken Web Apps you do not need to run the command switches of -it to make it interactive. As you can see in the below image I have 3 containers running, the raesene/bwapp has 2 ports mapped so I can interact with port 80 and 3306 by the IP Address assigned.
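The network and static-IP steps above can be wrapped in a small script that checks each address before use. This is an added example, not part of the original post: the function names are hypothetical, and it adds Docker's --internal flag to the network create command (a change from the command shown above) so that the deliberately vulnerable containers are not given external access.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Set DOCKER="echo docker" to print each command instead of running it.
DOCKER="${DOCKER:-docker}"
LAB_NET="network1"        # network name used in the post
LAB_PREFIX="172.31.0"     # first three octets of 172.31.0.0/24
USED_IPS=""               # static IPs already handed out by run_on_lab

# in_lab_subnet IP: succeeds if IP is a usable host address in 172.31.0.0/24
in_lab_subnet() {
    case "$1" in
        "$LAB_PREFIX".*) host=${1#"$LAB_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*|0?*|????*) return 1 ;;   # last octet: 1-3 digits, no leading zero
    esac
    # .0 is the network, .1 is Docker's default bridge gateway, .255 is broadcast
    [ "$host" -ge 2 ] && [ "$host" -le 254 ]
}

# create_lab_net: the post's bridge network plus --internal, which restricts
# external access so the vulnerable containers are not bridged to the internet
create_lab_net() {
    $DOCKER network create --driver=bridge --internal \
        --subnet="$LAB_PREFIX.0/24" "$LAB_NET"
}

# run_on_lab IP ARGS...: docker run -d on the lab network with a checked static IP
run_on_lab() {
    ip="$1"; shift
    if ! in_lab_subnet "$ip"; then
        echo "rejected: $ip is not a usable address in $LAB_PREFIX.0/24" >&2
        return 1
    fi
    case " $USED_IPS " in
        *" $ip "*) echo "rejected: $ip is already assigned" >&2; return 1 ;;
    esac
    USED_IPS="$USED_IPS $ip"
    $DOCKER run -d --network="$LAB_NET" --ip="$ip" "$@"
}

# Usage, matching the two containers in the post:
#   create_lab_net
#   run_on_lab 172.31.0.7 -ti ubuntu-w-nettools bash
#   run_on_lab 172.31.0.8 raesene/bwapp
```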
#> docker rmi image
This command allows you to remove an image from the list presented by 'docker images'.
#> docker stop <nickname of container>
#> docker stop <container ID>
#> docker kill <nickname of container>
#> docker kill <container ID>
As shown below, I am using the above commands to stop or kill the container that is running. There is obviously a difference between stopping and killing a running container.
Hopefully, this has been helpful. I sat down yesterday with the intention of learning about Docker, and within 3 hours I had a very basic understanding of how it could benefit the class that I will be teaching and help in other ways in my career. Warning again: the Docker service runs as root, and you should trust the containers that you download and execute. Be careful; you may trust the creator but may not trust who was on the creator's computer at the time.
Enjoy.
Twitter: @lokut
This blog is for educational purposes only. The opinions expressed in this blog are my own and do not reflect the views of my employers.