Besides theory, learning penetration testing requires hands-on practice. Building a target environment that contains vulnerabilities is a good way to get it: it deepens your understanding of security vulnerabilities from a practical angle and improves your skill with common security tools. Container virtualization has developed rapidly and is widely recognized as a technology that saves resources and improves work efficiency. Docker is an open source application container engine written in Go with a relatively mature ecosystem; it lets developers package their applications and dependencies into a lightweight container.
Docker is well suited to building vulnerable targets for security testing, learning and experiments. This article builds a web security testing target, bodgeit, as an example to show how to install the Docker engine and how to create, run and stop Docker images.
1. Install the Docker engine on CentOS 7
This section uses CentOS 7 as the example system for installing the Docker engine.
1.1 Switch the CentOS 7 Yum source to the Alibaba Cloud mirror, which is faster in China
# For stability, back up the original source first
$ mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Then download the Alibaba Cloud Yum source configuration
$ wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Clear the local Yum cache and rebuild it
$ yum clean all
$ yum makecache
1.2 Add the Yum configuration for the latest Docker version
The default Docker Yum repository uses main. To use the latest version, set the baseurl to
https://yum.dockerproject.org/repo/main/centos/7
$ cd /etc/yum.repos.d
Create a new docker.repo file in this directory:
$ touch docker.repo
The contents of the file are as follows:
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
Then update the Yum repository source:
$ yum update
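An added check for step 1.2, not part of the original article: the script below reads a .repo file and reports every enabled section that does not enforce package signature verification or that uses a non-TLS URL. The function names and the second sample section (lab-mirror) are constructed for illustration, and only the section itself is examined, not defaults inherited from /etc/yum.conf.

```sh
# audit_repo [FILE]: for each enabled section of a yum .repo file (stdin if no
# FILE), print a finding when signatures are not enforced or a URL is not TLS.
# Assumptions: [main] defaults in /etc/yum.conf are not consulted, and
# mirrorlist/metalink entries are not handled.
audit_repo() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpgcheck != "1") print sec ": gpgcheck is not 1"
        if (gpgkey == "") print sec ": no gpgkey set"
        else if (gpgkey !~ /^(https|file):/) print sec ": gpgkey is not https or file"
        if (baseurl !~ /^https:/) print sec ": baseurl is not https"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^\[/ {                                # a new [section] starts
        report()
        sec = substr($0, 2, index($0, "]") - 2)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if (key == "baseurl")  baseurl = val
    }
    END { report() }
    ' "${1:--}"
}
# Constructed sample: the article's section plus a deliberately weak one.
sample_repo() {
    cat <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
[lab-mirror]
baseurl=http://mirror.example.invalid/centos/7/
enabled=1
gpgcheck=0
EOF
}
sample_repo | audit_repo
```

On a real host, run `audit_repo /etc/yum.repos.d/docker.repo` before `yum update`.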
1.3 Install the Docker engine
$ yum install -y docker-engine
Wait a few minutes for the installation to complete. The author's system already had the Docker engine installed, so the latest version was already in place.
1.4 Set a domestic Docker image registry address
$ touch /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
Docker China's official image acceleration service can be accessed through http://registry.docker-cn.com. This mirror only contains popular public images; private images still need to be pulled from the US registry.
2. Common Docker commands
- Pull an image
docker pull mysql
- Show the Docker version
docker version
- docker images
List all local images
- docker ps
List all containers
- docker ps -a
List last started containers
- docker build -t penetesters/javavul:test . --rm=true
-t specifies the user name, repository name and tag of the image to build
--rm=true specifies that the intermediate temporary containers are deleted during the image build.
- docker images penetesters/javavul
View the newly built image
- docker run -d -p 8090:8080 5207
-p binds port 8090 of the host to port 8080 of the container
-d detaches the container from the current TTY after it starts and runs it in the background
5207 is the first 4 characters of the image ID.
- Stop all running containers
docker stop $(docker ps -q)
docker stop 2882c14cefa9   # container ID
- Delete all containers
docker rm $(docker ps -aq)
- docker inspect
View details of a container
- docker exec -it 8f1b89183df5 /bin/sh
8f1b89183df5 is the container ID and /bin/sh is the command to execute
-d: detached mode, run in the background
-i: keep STDIN open even if not attached
-t: allocate a pseudo-terminal
3. Build a container target
The BodgeIt Store is an open source penetration testing platform that contains common web application vulnerabilities, including the following major ones.
- Cross-site scripting (XSS)
- SQL injection
- Hidden (but unprotected) content
- Cross-site request forgery (CSRF)
- Debug code
- Insecure object references
- Application logic vulnerabilities
Start the Docker engine first:
$ service docker start
Then build the bodgeit Docker image.
bodgeit.war can be obtained from the following address:
https://github.com/psiinon/bodgeit/releases/download/1.4.0/bodgeit.war
A Dockerfile is used to create a custom image and contains the software dependencies and other information the user specifies. It consists of four parts: base image information, maintainer information, image operation instructions, and the instructions executed when the container starts. The Dockerfile for bodgeit:
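# Base image: Tomcat 7
FROM tomcat:7
MAINTAINER pez1420 [email protected]
# Deploy the application into Tomcat's webapps directory
ADD bodgeit.war /usr/local/tomcat/webapps/
CMD ["catalina.sh", "run"]
# Tomcat listens on 8080 inside the container; the host port is chosen with -p at run time
EXPOSE 8080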
Build and run the vulnerable bodgeit environment:
```
$ docker build -t bodgeit/javavul:1.4.0 . --rm=true
$ docker images bodgeit/javavul
$ docker run -d -p 1111:8080 <first 4 characters of the image ID>
```
The result of running bodgeit shows that the Docker-based bodgeit target was built successfully.
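Because the target is deliberately vulnerable, it is worth checking which host interfaces its port is published on. The following added example (not from the original article; the function names and sample lines are constructed) reads docker ps output and lists every port published on all interfaces, which is what -p 1111:8080 produces by default.

```sh
# published_on_all_interfaces: read "name<TAB>ports" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and print "name binding" for every port published on every host interface
# (0.0.0.0 for IPv4, :: or [::] for IPv6). Loopback-only bindings pass.
published_on_all_interfaces() {
    awk -F '\t' '{
        n = split($2, b, /, */)            # one entry per port binding
        for (i = 1; i <= n; i++)
            if (b[i] ~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+->/)
                print $1 " " b[i]
    }'
}

# Constructed sample of that output: the article's run command, the same
# target bound to loopback only, and a container with no published port.
sample_ps() {
    printf 'bodgeit\t0.0.0.0:1111->8080/tcp, :::1111->8080/tcp\n'
    printf 'bodgeit-local\t127.0.0.1:1111->8080/tcp\n'
    printf 'db\t3306/tcp\n'
}

sample_ps | published_on_all_interfaces

# Loopback-only form of the run command (image name from the build step):
#   docker run -d -p 127.0.0.1:1111:8080 bodgeit/javavul:1.4.0
```

With the loopback-only binding the target answers on http://127.0.0.1:1111/bodgeit/ from the Docker host itself and is not reachable from other machines on the network.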