docker:attack_docker_exposed_api

Differences

This shows you the differences between two versions of the page.

docker:attack_docker_exposed_api [2020/04/09 10:57] peter
docker:attack_docker_exposed_api [2020/05/13 08:31] (current) – removed peter
Line 1: Line 1:
-====== Docker - Attack Docker exposed API ====== 
  
-If you have enabled Docker Remote API, per [[Docker:Enable Docker Remote API|Enable Docker Remote API]], you may be vulnerable to attacks. 
- 
----- 
- 
-Information Gathering & Enumeration 
- 
-===== Do a port scan ===== 
- 
-<code bash> 
-sudo nmap -sS -T5 192.168.1.118 -p-Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-11 12:37 CEST 
-Nmap scan report for 192.168.1.118 
-Host is up (0.00076s latency). 
-Not shown: 65498 closed ports, 35 filtered ports 
-PORT     STATE SERVICE 
-22/tcp   open  ssh 
-1234/tcp open  docker 
-MAC Address: 0C:01:67:8A:63:F2 (Oracle VirtualBox virtual NIC) 
-</code> 
- 
-I had to scan more ports that the default top 1000 because the docker API port is not included :( 
-Ok then, what about service detection? 
- 
-nmap -sTV -p 2376 192.168.1.7Starting Nmap 7.01 ( https://nmap.org ) at 2018-08-10 16:35 CEST 
-Nmap scan report for 192.168.1.7 
-Host is up (0.00038s latency). 
-PORT     STATE SERVICE    VERSION 
-2376/tcp open  18.06.0-ce DockerService detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
-Nmap done: 1 IP address (1 host up) scanned in 77.78 seconds 
- 
-This confirm that we are dealing with Docker, nmap also discovered the exact version of Docker, if we want to confirm it manyally we can issue a GET request to the endpoint located at: http://<IP>:2376/version 
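Review bot: the warning in the first removed paragraph ("you may be vulnerable to attacks"), which points at the Enable Docker Remote API page, is dropped with no replacement, and the edit summary "removed" gives no reason. If this page is going away, carry that warning over to the Enable page together with the fix a reader needs: bind the API to localhost or require TLS with client certificates. If the text is kept elsewhere, the listings need cleanup first. The first scan reports the API on 1234/tcp at 192.168.1.118 while the second scan and the /version URL use 2376 at 192.168.1.7. In both listings the nmap command line is fused with the "Starting Nmap" output, and the second listing sits outside a <code> block. The URL also uses http:// on 2376, which is conventionally the Docker TLS port, so the example should state whether TLS was off on that host.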
docker/attack_docker_exposed_api.1586429854.txt.gz · Last modified: 2020/07/15 09:30 (external edit)