cnit 124: advanced ethical hacking docker (not in textbook) & ch 8: exploitation
TRANSCRIPT
![Page 1: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/1.jpg)
CNIT 124: Advanced Ethical
Hacking
Docker (not in textbook) &Ch 8: Exploitation
![Page 2: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/2.jpg)
Docker
![Page 3: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/3.jpg)
Docker Architecture
![Page 4: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/4.jpg)
Main Docker Components
• Docker– the open source container virtualization platform
• Docker Hub– Software-as-a-Service platform for sharing and
managing Docker containers– The primary public Docker registry
![Page 5: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/5.jpg)
Images and Registries
• Docker images– Read-only templates with OS and installed
software– Used to build servers
• Docker registries– Stores that hold images. May be public or private.– You upload or download images from stores– Used to distribute servers
![Page 6: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/6.jpg)
Images, Registries, and Containers
• Docker containers– Like virtual machines– Can be run, started, stopped, moved, and deleted– Used to run servers
![Page 7: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/7.jpg)
UnionFS
• Docker uses UnionFS– Mounts an entire file system on top of another file
system, in layers– Priority is defined, so it knows which file is the
current one if more than one copy of a file is present
• Makes docker containers MUCH smaller than virtual machines– Because they don't make extra copies of files
![Page 8: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/8.jpg)
64-Bit v. 32-Bit
• Docker is intended for 64-bit systems• It can be used to a limited extent on 32-bit
systems, but that is not supported
![Page 9: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/9.jpg)
Docker Hub
![Page 10: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/10.jpg)
Docker 32-Bit Images
![Page 11: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/11.jpg)
Important Docker Commands
• docker pull <image>– Downloads <image> from Docker Hub
• docker images– Shows local images
• docker run -it <image> bash– Creates a container based on <image> , starts it,
and shows a Bash shell
![Page 12: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/12.jpg)
Important Docker Commands
• docker ps– Lists running containers– With "-a" switch, shows all containers
• docker start <container-name>– Starts a container
• docker attach <container-name– Attaches to a running container– Shows a "sh" command-line
![Page 13: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/13.jpg)
Important Docker Commands
• Ctrl+P, Ctrl+Q– Detaches from a running container without
stopping it• docker run -p 8080:80 -it <image-name> bash– Creates a container, forwarding port 8080 on the
host to port 80 inside the container, showing a bash shell
![Page 14: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/14.jpg)
Project Walkthrough
![Page 15: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/15.jpg)
iClicker Questions
![Page 16: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/16.jpg)
Which item can be started and stopped
like a virtual machine?
A. Docker
B. Docker hub
C. Docker image
D. Docker registry
E. Docker container
![Page 17: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/17.jpg)
If CCSF makes a private server full of
proprietary templates, what have they
created?A. Docker
B. Docker hub
C. Docker image
D. Docker registry
E. Docker container
![Page 18: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/18.jpg)
What is the primary public repository Docker provides, containing many versions of
Linux?A. Docker
B. Docker hub
C. Docker image
D. Docker registry
E. Docker container
![Page 19: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/19.jpg)
Which docker command creates a
new container?
A. pull
B. run
C. images
D. ps
E. attach
![Page 20: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/20.jpg)
Which docker command allows you to control a running
container?A. pull
B. run
C. images
D. ps
E. attach
![Page 21: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/21.jpg)
CNIT 124: Advanced Ethical
Hacking
Ch 8: Exploitation
![Page 22: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/22.jpg)
Exploiting Default XAMPP Credentials
![Page 23: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/23.jpg)
Nmap Scan
![Page 24: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/24.jpg)
WebDAV
• Web Distributed Authoring and Versioning – An extension to HTTP– Allows developers to easily upload files to Web
servers
![Page 25: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/25.jpg)
XAMPP
• A convenient way to run a LAMP server on Windows– LAMP: Linux, Apache, MySQL, and PHP
• Includes WebDAV, turned on by default, with default credentials– In older versions
![Page 26: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/26.jpg)
Cadaver
• A command-line tool to use WebDAV servers• Default credentials allow file uploads
![Page 27: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/27.jpg)
Website Defacement
• Violates Integrity, but not as powerful as Remote Code Execution
![Page 28: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/28.jpg)
Upload a PHP File
• PHP file executes on the server!
• This is Remote Code Execution
![Page 29: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/29.jpg)
Msfvenom Creates Malicious PHP File
![Page 30: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/30.jpg)
Meterpreter Reverse Shell
![Page 31: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/31.jpg)
Exploiting phpMyAdmin
![Page 32: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/32.jpg)
Purpose
• phpMyAdmin provides a convenient GUI • Allows administration of SQL databases
![Page 33: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/33.jpg)
phpMyAdmin
![Page 34: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/34.jpg)
Should be Protected
• phpMyAdmin should be limited-access– With a Basic Authentication login page, or a more
secure barrier
![Page 35: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/35.jpg)
SQL Query
• Can write text to a file• This allows defacement
![Page 36: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/36.jpg)
PHP Shell
• Can execute one line of CMD at a time
![Page 37: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/37.jpg)
Staged Attack
• Initial attack sends a very small bit of code, such as a single line of CMD
• That attack connects to a server and downloads more malicious code
• Very commonly used by malware
![Page 38: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/38.jpg)
FTP Scripts
• File contains text to be executed by command-line FTP client
![Page 39: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/39.jpg)
Making the Script File with SQL
![Page 40: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/40.jpg)
Run the FTP –s:script Command
![Page 41: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/41.jpg)
Owned
![Page 42: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/42.jpg)
iClicker Questions
![Page 43: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/43.jpg)
Which item is a Web page that should not be visible to casual
Web surfers?A. XAMPP
B. phpMyAdmin
C. WebDAV
D. Cadaver
E. msfvenom
![Page 44: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/44.jpg)
Which item can create malicious PHP files?
A. XAMPP
B. phpMyAdmin
C. WebDAV
D. Cadaver
E. msfvenom
![Page 45: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/45.jpg)
Which item is an extension to the HTTP
protocol?A. XAMPP
B. phpMyAdmin
C. WebDAV
D. Cadaver
E. msfvenom
![Page 46: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/46.jpg)
Which language places commands between <?
and ?> tags?A. SQL
B. HTML
C. Bash
D. PHP
E. FTP
![Page 47: CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation](https://reader035.vdocument.in/reader035/viewer/2022062805/5697bff11a28abf838cbb2b4/html5/thumbnails/47.jpg)
Which technique is commonly used to load
larger portions of staged attacks?
A. SQL
B. HTML
C. Bash
D. PHP
E. FTP