The talk is “An Attacker Looks at Docker: Approaching Multi-Container Applications” by Wesley McGrew and can be found here.
My presentation at TASK
Summary of the Content
What is Docker?
- Docker is a tool designed to make it easier to create, deploy, and run applications by using containers
- Containers – a standardized unit of software
- Essentially a config file for virtual machines
- Lightweight, easy to share, easy to deploy
Basic Docker Configuration
- Containerization allows for the design of applications that are composed of many independent single-purpose services, e.g. microservices
- Each multi-container Docker setup creates a network with all the dependent containers safely nested inside
- Container images are usually pulled from a registry
- Specific ports are exposed to the public
- Set the user permissions and start script
Looking at Docker from the Red
Multi-container applications have their own networks and are possibly shared with other applications
- Monolithic – Specific knowledge of the platform is required
- Multi-container – Leverage system/network-level post-exploitation and sniffing tools
- Docker inherently trusts the internal network by default
- This gives an attacker many opportunities to pivot once they’re in
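To see how much a single exposed container can reach, the following added example (not from the talk or this post) audits a parsed Compose file: for each service that publishes a port, it lists the other services sharing a network with it, and it lists services that set no user. The service names, images and the COMPOSE sample are constructed, and the script assumes services use Compose networks rather than network_mode.

```python
# Added example (not from the talk): find which services a published
# container can reach over shared Compose networks.

# Constructed sample, shaped like a parsed docker-compose.yml.
COMPOSE = {
    "services": {
        "web": {"image": "example/web", "ports": ["8080:80"]},
        "api": {"image": "example/api", "expose": ["5000"]},
        "db": {"image": "example/db", "user": "999:999"},
        "cache": {"image": "example/cache", "networks": ["backend"]},
        "worker": {"image": "example/worker", "user": "1000",
                   "networks": {"backend": {}}},
    },
    "networks": {"backend": {"internal": True}},
}


def service_networks(service):
    """Networks a service joins; Compose uses 'default' when none are listed."""
    nets = service.get("networks")
    return set(nets) if nets else {"default"}


def audit(compose):
    """Return the pivot surface of published services and services with no user."""
    services = compose.get("services", {})
    joined = {name: service_networks(svc) for name, svc in services.items()}
    reachable = {}
    for name, svc in services.items():
        if not svc.get("ports"):  # only 'ports' publishes to the host
            continue
        reachable[name] = sorted(
            other for other in services
            if other != name and joined[other] & joined[name]
        )
    # Without 'user', the container runs as the image's default user (often root).
    no_user = sorted(n for n, svc in services.items() if "user" not in svc)
    return {"reachable_from_published": reachable, "no_user_set": no_user}


if __name__ == "__main__":
    report = audit(COMPOSE)
    for name, peers in report["reachable_from_published"].items():
        print(f"{name}: shares a network with {', '.join(peers) or 'nothing'}")
    print("no user set:", ", ".join(report["no_user_set"]))
```

Moving the database onto a separate network that only the API joins shrinks the list for the published service, which is the segmentation the default single network does not give you.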
Exploiting Multi-container Systems
- The attack begins by exploiting a single service
- Once you have access to one container, you can now scan the rest of the network
- Similar to examining an internal network
- Nmap or any equivalent tool can scan for any hidden services
- You can then use your container to expose a hidden service
Difficulties
- Docker images are usually not default server installations
- Stripped-down versions of most of the popular Linux flavours
- Getting a scanner onto very slim images can be difficult
- Getting anything onto these images can be difficult
- Docker has no fingerprint when looking at it from the outside
Demo
Takeaways
- Existing networking skills can be used
- Containers should not be trusted
- Having a basic understanding of new technologies can go a long way
- The trendy/new thing is not that new
- Docker is actually pretty cool