01 January 2020

Insecure Docker Registry I

Docker Registry is the most essential server when it comes to creating a docker environment. It holds all the images which are then pulled by other servers, and then containers get created. Unfortunately, most of the time, the Docker Registry remains unprotected, depending on how people have architected the docker environment.

Run nmap,
root@attackdefense:~# nmap -sV -n -p- 192.127.17.3

SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
HOST DISCOVERY:
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
PORT SPECIFICATION AND SCAN ORDER:
-p- to scan ports from 1 through 65535

Scan Results,
PORT     STATE SERVICE VERSION
5000/tcp open  http    Docker Registry (API: 2.0)

Go to docker.com to learn Methods,
https://docs.docker.com/registry/spec/api/

Method Path Entity Description
GET /v2/_catalog Catalog Retrieve a sorted, json list of repositories available in the registry.
GET /v2/<name>/tags/list Tags Fetch the tags under the repository identified by name.

Use curl to retrieve docker image name (repository),
curl http://192.127.17.3:5000/v2/_catalog
curl http://192.127.17.3:5000/v2/alpine/tags/list




Alternatively, using python for loop to automate fetching the repository,
Using requests.get and response.contect from requests library, https://realpython.com/python-requests/
Using json.loads from json library, https://realpython.com/python-json/


Source: attackdefense.com
-
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Open Source Information Gathering using Windows Command Line Utilities

 How to Find the Maximum Frame Size Packet needs to be fragmented but DF set, means that the frame is too large to be on the network and ne...