Docker is a widely used containerization platform that offers a standardized way to develop, ship, and run applications across different environments. It simplifies building and distributing applications, both traditional and modern, and gives them a consistent, isolated deployment model across varied setups.
Containerd
It is a standalone container runtime designed to work alongside container engines and infrastructure-as-code tools. It focuses on simplicity, exposing only the essential features its users require. Docker uses it to run containers, but it supports only a subset of Docker's functionality.
Docker’s architecture consists of several key components:
Docker Engine - the main component responsible for building, running, and administering containers.
Containerd - a low-level container runtime that handles container lifecycle management, including image transfer, storage, execution, monitoring, and networking.
Container Shim - an intermediary that keeps a container running independently of the daemon (headless), taking over as the container's parent process from runc after initialization.
runc - a lightweight container runtime that implements the OCI runtime specification, used by containerd to start and manage containers.
gRPC - the RPC mechanism over which the Docker engine talks to containerd.
Open Container Initiative (OCI) - maintains the runtime and image specifications; recent Docker versions comply with both the OCI image and runtime standards.
Basic Commands
To get the Docker version:
`docker version`
To get more information about Docker settings:
`docker info`
To pull an image from a registry:
`docker pull registry:5000/alpine`
To inspect a container:
`docker inspect <containerid>`
To list networks:
`docker network ls`
To execute a command in a running container:
`docker exec -it <containerid> /bin/sh`
To commit a container's changes to a new image:
`docker commit <containerid> registry:5000/name-container`
To stop a running container:
`docker stop <containerid>`
To remove a container:
`docker rm <containerid>`
To list images:
`docker image ls`
To remove an image:
`docker rmi <imagename>`
Podman
It is an open-source container engine that adheres to the OCI standards. It stands out from Docker with several distinct features:
Daemonless architecture - unlike Docker's client-server model with a background daemon, Podman operates without a daemon.
Rootless containers - containers can run with only the initiating user's privileges, reducing the impact of a container breakout.
Compatibility with the Docker API and CLI - accepts the same commands as Docker, allowing seamless migration.
Default Port and Authentication
The default port for Docker's remote API is 2375 when it is enabled. By default the service requires no authentication, so anyone who can reach the port can start privileged containers or access sensitive data.
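A defender's check for the exposure just described, added here as an example and not code from the original page: it audits where dockerd listens, reading the `hosts`, `tls` and `tlsverify` keys of daemon.json or the `-H`/`--host` and `--tls*` flags of a systemd ExecStart line, and flags TCP listeners that serve the API without TLS client verification or on all interfaces. The daemon.json contents, the ExecStart line and the certificate paths are constructed samples; the severity labels are my own.

```python
import json
import shlex

# Constructed /etc/docker/daemon.json for a daemon that exposes the remote API
# on the plain-text default port 2375 (sample values, not from a real host).
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# The same daemon restricted to TLS with client-certificate verification on the
# conventional TLS port 2376; certificate paths are placeholders.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed systemd ExecStart line of the kind found in docker.service.
WEAK_EXECSTART = ("ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 "
                  "--containerd=/run/containerd/containerd.sock")


def audit_hosts(hosts, tls=False, tlsverify=False):
    """Return (severity, message) findings for each TCP listener in `hosts`."""
    findings = []
    for h in hosts:
        # unix:// and fd:// sockets are protected by file permissions, not the network.
        if not h.startswith("tcp://"):
            continue
        bind, _, port = h[len("tcp://"):].rpartition(":")
        if not (tls or tlsverify):
            findings.append(("high", f"{h}: remote API served without TLS; any client "
                                     f"that can reach port {port} gets unauthenticated daemon access"))
        elif not tlsverify:
            findings.append(("medium", f"{h}: TLS encrypts the channel but clients are not "
                                       "authenticated; set tlsverify and tlscacert"))
        if bind in ("", "0.0.0.0", "[::]", "::"):
            severity = "high" if not (tls or tlsverify) else "info"
            findings.append((severity, f"{h}: listening on all interfaces; restrict with a "
                                       "firewall if only local clients need it"))
    return findings


def audit_daemon_config(daemon_json_text):
    """Audit the listeners declared in a daemon.json document."""
    cfg = json.loads(daemon_json_text)
    return audit_hosts(cfg.get("hosts", []), cfg.get("tls", False), cfg.get("tlsverify", False))


def parse_execstart(line):
    """Extract -H/--host listeners and TLS flags from a dockerd command line."""
    if line.startswith("ExecStart="):
        line = line.split("=", 1)[1]
    argv = shlex.split(line)
    hosts, tls, tlsverify = [], False, False
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:
            hosts.append(arg[2:])
        elif arg in ("--tls", "--tls=true"):
            tls = True
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tls, tlsverify


def audit_execstart(line):
    """Audit the listeners declared on a docker.service ExecStart line."""
    return audit_hosts(*parse_execstart(line))


if __name__ == "__main__":
    for label, findings in (("daemon.json (weak)", audit_daemon_config(WEAK_DAEMON_JSON)),
                            ("daemon.json (hardened)", audit_daemon_config(HARDENED_DAEMON_JSON)),
                            ("docker.service", audit_execstart(WEAK_EXECSTART))):
        print(label)
        for severity, message in findings or [("ok", "no TCP listener issues")]:
            print(f"  [{severity}] {message}")
```

The weak configuration yields two high findings (no TLS, bound to every interface); the hardened one yields only an informational note, because with `tlsverify` the client certificate, not the bind address, is what gates access.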
Enumeration: Docker information can be enumerated in several ways.
Using curl:
Using docker command:
Exploiting Docker: several weaknesses in a Docker setup can be exploited.
Privilege Escalation:
Accessing Host Files:
Discovering Secrets:
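The defender's counterpart to the three exploitation topics above, added here as an example and not code from the original page: it reads `docker inspect` output and flags the container settings that make privilege escalation and host file access possible in the first place, namely privileged mode, host PID/network namespaces, added capabilities, and bind mounts of sensitive host paths. The inspect JSON for the two containers is constructed sample data; the `HostConfig` keys it reads (`Privileged`, `PidMode`, `NetworkMode`, `Binds`, `CapAdd`) are those Docker emits, and the list of sensitive paths is my own choice.

```python
import json

# Constructed `docker inspect` output for two containers (sample data, not taken
# from a real host): a build agent with host-level access and an ordinary web container.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaaa1111",
        "Name": "/build-agent",
        "HostConfig": {
            "Privileged": True,
            "PidMode": "host",
            "NetworkMode": "host",
            "Binds": ["/:/host:rw", "/var/run/docker.sock:/var/run/docker.sock"],
            "CapAdd": ["SYS_ADMIN"],
        },
    },
    {
        "Id": "bbbb2222",
        "Name": "/web",
        "HostConfig": {
            "Privileged": False,
            "PidMode": "",
            "NetworkMode": "bridge",
            "Binds": ["/srv/web/static:/usr/share/nginx/html:ro"],
            "CapAdd": None,
        },
    },
])

# Host paths whose bind-mount hands the container the host's files or the daemon
# itself (assumed list; extend it to match your own environment).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/var/run/docker.sock")


def _is_sensitive(path):
    if path == "/":
        return True
    return any(path == p or path.startswith(p + "/")
               for p in SENSITIVE_HOST_PATHS if p != "/")


def audit_container(container):
    """Return a list of risky settings found in one inspect object."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices available")
    if hc.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("shares the host network namespace")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"added capability {cap}")
    for bind in hc.get("Binds") or []:
        # Binds entries look like host_path:container_path[:options].
        parts = bind.split(":")
        src = parts[0]
        mode = parts[2] if len(parts) > 2 else "rw"
        if _is_sensitive(src):
            findings.append(f"bind-mounts host path {src} ({mode})")
    return findings


def audit_inspect(inspect_json_text):
    """Map container name -> findings for every object in `docker inspect` output."""
    report = {}
    for container in json.loads(inspect_json_text):
        name = container.get("Name", container.get("Id", "?")).lstrip("/")
        report[name] = audit_container(container)
    return report


if __name__ == "__main__":
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        print(f"{name}: {'clean' if not findings else ''}")
        for f in findings:
            print(f"  - {f}")
```

Feed it the JSON from `docker inspect $(docker ps -q)` to review every running container at once; the sample build agent produces six findings, the web container none.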