Docker Vulnerabilities Part Two | Escaping Docker Containers Shell

What’s going on guys welcome back to this video today we’re going to carry over and talk about Docker containers now in the previous video in the last video we talked about containerization the idea of containerization and how it is different or what are the differences between containerization and virtual machines or virtualization and we also talked about how it’s beneficial to use Docker containers if you want to use virtualization or if you want to run locations inside and as well as the environments because containerization saves up resources convenient and also secure.

In today’s video we’re going to talk about how to start building Docker containers so we talk about building Docker containers we talk about following multiple steps systematic steps into finally arriving to a point where you have a fully deployed Docker container.

We’re inside the container could have applications running such as web server mySQL database regular applications operating systems so on and so forth so we will divide building Docker containers into two types the first one building Docker container from scratch and other one is building Docker container by pulling the image over the using arity Docker image file so while we have two types the first one but the first thing is the first type is building Docker container from scratch meaning the first thing we have to do is to create a Docker file namely called a Docker file the dockerfile is actually a file that contains the instructions that will be executed once your Docker is running or was he the docker container is up and running now eventually the dockerfile forms what is called the quart container image so once we build the dockerfile we inform the container what are the instructions or what are the commands that will be executed.

Once the docker container is up and running so the current file is the basic or the pace building block or the unit for any Docker container first we have to construct this file or we can find dr. files online as images we can download them and then we can start the container but if you want to build them from scratch you have to first build the dockerfile so I said so as you can see guys doctor files can be built by understanding what are the basic commands that construct them as you can see dr. files are fermented in the following way instruction and the argument So the instructions are clearly mentioned in the documentation of the dockCoker website you can find all of them here but I mentioned some of them in an example below here so as you can see this is a sample dockerfile so we have the instruction like from work directory run run expose these CMD run these are all called instructions so we have first instruction and then we have the argument so in this case here the instruction is a from and the argument is you’re going to end the tag is 200 220 for now Ubuntu is the name of the image operating system and 22.0 for is the tag the tag specifies the version of the image so when we say from you won’t owe 22.0 for it means we are using the operating system Ubuntu version 12.04 and then we have the instruction work directory slash forward slash means we are setting the working directory to the root of the container and then we have this this one so that instruction is run and up dash kit update Dash y this is a comment.

OAkay that gets executed as you can see I’ve explanations here so run execute a command so we’ll be doing here we execute the updating the ap2 repository and then here we use the same instruction run install a battery so as you can see when we say run we are executing a command the current here is a Linux command so depending on the operating system that is specified in the from instruction the command follows so if you are if you set the operating system to be Windows you have to use Windows command okay and after the instruction Run Okay expose now expose here since we are running a web server we need to run the web server on a port so expose my far as what is the port so it exposes instruction and 80 is the argument happens to be the port 80 and here CMD so what’s the difference between run and CMD so basically both of them executes commands differences CMD executes the command once the container starts okay once the container would go as run when the container starts.

Okay so this is the ready dockerfile now this forms the image of the docker container we want to build okay once the docker file is ready okay we are now ready to proceed to The Next Step so once we prepare the dockerfile we need to build the docker container so the next step is building the docker container so say that we have named the image or the dockerfile as yeah so you can remember that whatever you want then we build the docker container use the following command Docker built darker build builds the container with the docker file we just created so dark horrible Dash T now dash T we give a name to the docker container say we name it as Stocker dots specifies the path to the docker file we created in this case it exists in the current working directory if it doesn’t exist in the current working directory you can specify the path here.

That’s what the dockerfile once we execute this command we have successfully built the docker container we will see that in the Practical scenario once we build the docker containers we have created the dockerfile build the docker container now it’s time to run the containers okay now we own the content using the following command Docker run runs the docker container Dash D Dash T runs the darker control in a detached mode meaning we run it in the background dash dash name Apache web server here we clearly specify a name for the docker container I know we previously specified the stalker but here if you want to change the name you can use dash dash name Dash p 8080 specifies the port which the docker container will use since we are running a web server image okay we use port 80 so that the docker container listens on Port.

This is Docker container with bullets okay now remember that when we built the docker container we named it the stalker so here we specify the name the stalker meaning we were specifying that we want to run the docker container named test docker.

All right so these are the three basic steps so first we built the dockerfile image next we build then the darker itself and then we run it okay now the rest are syntaxes for the coin itself all right now say you don’t want to or we don’t know how to build a Docker file or a Docker image so what you can do the next option is to download the image online okay so basically you can find the docker images found online and GitHub or in the basic or in the documentation page so here if we have a ready Docker image the next step is to immediately build it okay so we have the image
now it’s time to build it but how do we pull the image how to download a darker image so we have to use the command Docker pull ductwork will downloads and online Docker image so
dr. Pol and then we specify the name of the image that’s the name it goes by and that is the version of it okay so you want to latest or we specify the version 22.0 for always say latest so after everything after the column specifies the tag of the image attack specifies as we said earlier it is the version of the image.

So once we have pulled the image okay and we know where we stored the image now we go back to the earlier steps where we start to build the docker container block or build dashti that stalker and with the path to the image so that’s it that’s how it works now next we will come up to auditing Docker images so say we have built the darker image we built the darker itself and finally we run the docker now it’s time to find out whether the docker has been successfully built and run so we can use the docker image LS it will list all of the available Docker images we have created we can remove a specific image using this command Docker image RM and we specify the event itself and the tag all right so let’s first start by listing all of the available Docker images Docker image LS
as you can see we have these images for every image we have the repository the tag of the image the image ID created.

Remember or recall that we can perform all sorts of operations on the image of the docker image using its ID so whenever I want to perform an operation on the image we use its ID or we use the name and the tag is like we mentioned earlier you want to remove a darker image we can say Taco image RM and say web server latest this command would remove the first Docker image
alternatively you can specify the image ID itself so we take this and go to the command line if you want to take a look at all of the operations you can perform the image you can say darker image and will give you the help menu on what sorts of commands you can use what sort of operations you can perform on these Docker images starting from listening removing adding so on so forth
as you can see built-in Port inspect load you can check out the help menu for more examples all right so now we know what our the docker images we have.

Let’s now check the current working directory PWD it is slash home slash cinematic let’s list all the current fights all right so we have a Docker file here remember that the dockerfile is the basic building block of a Docker image so once we built a Docker file okay we we can do sorry we can use the dockerfile to build a ready Docker image.

So let’s take a look at the dockerfile and its contents however that this is the first file that we have to create if we want to create a darker image so get local fide let’s take a look at the file
so from your own toe here we specify the operating system run we execute the command update we upped we update the ap2 depository and then we install a battery and its utilities so basically got as you can see here the commands apt updates and apt and installed the are chained together with developer sense this is very effective if you want to minimize the build Time of the Doctor and make it fast and then we run Eco as you can see this is this displays an HTML page and store it at index.html and then it exposes or it makes the web server listens on Port 80 and then it executes the command at the start of the container.

So we have now a dockerfile that is ready okay we have built now a Docker file now it’s time to convert the stalker file into a container so the next step is to build the container so we use Docker built okay we specify a name for the dark oak returner say we name it Apache server okay and then we specify the path at contains the dockerfile or damaged this case it is the current working directory so we use dots as you can see now this output demonstrates that the build or the building of the darker curtain has been performed successfully.

Okay this will be tagged a battery saver latest so now let’s take a look at the current Docker images so Docker image as you can see now the docker file we created now transformed into an image Apache server right this is the image now and it’s this Dy D and this is the time Cricket when it 121 seconds ago and this is the size and attacked latest after we built according to the dockerfile built image it’s time now to run the docker container okay so Docker run dash dash name but it says we name it web server.

Okay and then we specify port so if we go up you’re not expected to memorize all the commands so you can come back to the notes so P 880 soyuz be 880 and then we specify the image so the image is this now Iran as you can see here we’re just say this means that it occurred has been built and run successfully now we can start the docker but how do we know what is the ID what we do with what do we use to start running the docker container so we can use that yes that’s a to list all of the docker containers that are running and also the docker containers that have been stopped as well.

Okay as you can see we see a list of all the docker containers that are running as you can see we see our Docker container Apache server running okay we can see the time it was created 44 seconds ago the status is as up after 43 seconds and this is the ports and the other names used not just the container ID so we can do here we can say Docker okay start and we can use the name of it darker the ID sorry so now it started if you want to stop the docker containers we can use Docker stop so now let’s go back as you can see here when we listed the available Docker containers we see our Docker container a patchy server now exited for seconds ago so Docker PS Dash a is very useful command guys to list all of the containers running and those also have stopped if you want to run the docker bag you can just say the course start and it will run again so now it is up to seconds.

These are very essential basic operations you have guys to be familiar with if you want to be Phoebe kind of fluent when you are interesting and environment that uses Docker containers so these are the basic commands cars that are very common if you want to deal create and configure and run Docker containers.

Alright so let’s use Docker PS Dash your more time and see the available Docker containers let’s now stop the Apache Apache web server Docker stop so now you’ve seen how we create the court files built Docker images and run Docker containers now it’s time to find out how we can interact with Docker containers so now we know that a doctor could earn is running but it is running in the background I want to interact with this Docker container so what should I do I can say Docker run Dash it which is a mode or an option we can use to interact with the container then we specify the image so the image is Apache server.

Okay and then we say we want to we need to specify the command so what kind of command we want to execute with the container with the concerned one decoder to execute so Sabian bash we want to spawn a shot so this will spawn a shell as you can see this is the host name of the container now so right now as you can see the prompt or the shuttle changed from the username to the hostname of the container so if you type ID as you can see this is the route now many times or oftentimes we see this when we bend test Docker containers we land on our server or a Target machine and we see this prompt and we think that we routed the machine but in fact this is not the actual root user however it is the host name of the docker container so this is the root of the container PWD will display the content W working directory of the container LS Dash L A will list all of the containers files so the existence of the darker environment means that we are inside a Docker containers and now it’s in during pentesting when we see this okay we are definite that this is a Docker container okay so basically if you are been testing your objective is to escape this taco shell this one.

Okay if week at the darker environment file so there is nothing inside are going to verify if we run Docker commands PS Dash a
so as you can see command not found because we are inside the darker itself we have to escape the doctor shell to be able to list all of the information about the running and stop ducking containers so if you scroll down here in the notes I have listed all of the all of these indications that you are dealing with a Docker container in this paragraph the concept of pentesting Docker containers how they are compromised indications of a Docker container the excesses of the docker environment file how to enumerate and Escape strategies.

So from the perspective of when testing when we see this we are inside Docker container the objective is to escape it okay guys so this is how we create and run Docker containers now sometimes you want more complex use cases of Docker containers for example a Docker container we created was just a simple web server sometimes you want to run a complete web application that requires not only a web server also requires a database such as MySQL so in that case you will have to create more done one container and simply this means that you cannot scale up if you want to create more complex applications so what’s the solution for that solution is we use Docker compose so Docker compose is a method to run multiple containers once and altogether and at the same time we connect them using a network so you can go to the documentation and right here Docker compose so it’s Roy Docker compose.

You can see instructions on how to install the docker compose and how to get started but simply to get stoned I can compose a have installed a Docker compose you have to create something called the docker compose file which is written in Jama language it’s extremely important to write this file before you run Docker compose because it specifies all the docker containers that you wish to run and connect together an example is here so as you can see same as dr. far we have instructions version Services networks environment image these are all instructions after the instructions we have to argument the same as darker fired but here in the docker compose file we specify a Docker containers we want to vote for example and this file here which is why the Virgin and then the surface instruction specifies the containers you want to connect the first quarter is whip another one is database built.

We’ll both the docker container that specified for to be Observer and this is the name of the image networks instruction should be the same test Commerce the nobody instruction is an instruction that is used to connect both containers together the web and database and actually the need to be connected because application that doesn’t connect to its database would not work so we need to connect them with the Network’s instruction he supports the whole server for example runs on Port 80 then we come to test the base who use the image MySQL latest
so basically my cycle length is an image that is not created from scratch it’s actually online so the image and the tag is when we see the image and the text specified it means you want to download or pull the image online so the networks and then the environment is specified variables or parameters of the connection database name username and the password and lastly use the insertion networks to indicate that we are I’ve connected these containers together I feel that we specified the docker compose file.

The next step is to run the generals together so we can use Docker compose build and start okay over one command will be Docker compose up you can use stop and down to both stop or stop and delete the container together so guys you also come back to the docker compose documentation and check out the details if you want more details okay guys so that was it I hope you enjoyed the lesson and I will definitely see you in the next video oh don’t forget that you might be asking me how to get these notes you can subscribe to the channel membership and get access to the online portal in addition to PDF files stored in Google Drive so that was it guys I will see you in the next video.