December 7, 2024

Docker testing rogue images

I’m trying to test if Docker images can be used for reversing, I’ll start by seeing if I can fire up a docker instance and access it via network management, using a TAP to access web config:

apt install qemu-system bridge-utils iproute2
 
apt install docker.io
systemctl enable docker
systemctl start docker
ps aux | grep docker
  root        1198  0.0  2.1 2060972 84028 ?       Ssl  10:16   0:00 /usr/sbin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
docker --version
  Docker version 26.1.5+dfsg1, build a72d7cd
apt install net-tools
 
// add tap between QEMU and Docker
ip tuntap add tap0 mode tap
ip link set tap0 up
ip addr add 192.168.200.1/24 dev tap0
ip a
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
  2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2d:8c:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.50.150/24 brd 172.16.50.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a2a3:3cda:3a17:3958/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
  3: br-ea581fc79400: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:fc:e1:19:5a brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-ea581fc79400
       valid_lft forever preferred_lft forever
  4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:51:8b:c8:72 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
  5: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 62:22:12:4e:9e:75 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.1/24 scope global tap0
       valid_lft forever preferred_lft forever
 
// run firmware-test docker instance
docker search kali
  NAME                       DESCRIPTION                                     STARS     OFFICIAL
  leplusorg/kali             Kali Linux as a docker container.               6
  brimstone/kali             Image for various bits of Kali Linux            11
  mlinarik/kali                                                              0
  artis3n/kali               Source + Readme: https://github.com/artis3n/0
  isaudits/kali              Kali Linux with installed toolset; separate …   3
  finchsec/kali              Kali with Wi-Fi tools - Refreshed/Updated ev…   1
  buluma/kali                Kali Linux (kali-rolling) Docker container f…   1
  martinmspedersen/kali      Kali Linux                                      2
  pant/kali                  Clean Kali Installation-Update from official…   0
  amitie10g/kali             Kali Linux for all needs                        0
  penpublicreps/kali                                                         1
  johnsandiford/kali         Kali Linux                                      0
  linuxkonsult/kali          Kali Linux 2.0 base image                       10
  vineelsai/kali                                                             0
  qeeqbox/kali               Kali distro with remote access (VNC, RDP and…   1
  andreaslae/kali                                                            0
  oonray/kali                                                                0
  bikramjit/kali                                                             0
  mbennao/kali                                                               0
  dockersecplayground/kali                                                   1
  kal747/kali                Kali                                            0
  ctarwater/kali             Kali base image (no tools)                      0
  oza6ut0ne/kali                                                             0
  pglynn/kali                                                                0
  danilonc/kali              Kali with apt cache downloaded                  0