
Example Analysis of CVE-2019-16097 vulnerability realized by Registration of arbitrary administrators in Harbor

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Many newcomers are not clear about the Harbor arbitrary administrator registration vulnerability (CVE-2019-16097). To help, this article explains it in detail with a worked example; anyone who needs it can follow along, and I hope you gain something from it.

0x00 Harbor Introduction

Harbor is an enterprise-class Registry server for storing and distributing Docker images. It extends the open source Docker Distribution by adding features that enterprises need, such as security, identity management and administration.

As an enterprise-class private Registry server, Harbor offers better performance and security than a bare registry, and makes it more efficient for users to transfer images between the Registry, build environments and runtime environments.

0x01 Principle overview

The vulnerability is a vertical privilege escalation: the registration module does not validate the request parameters strictly, so a self-registering user can create an administrator account. After registering an administrator account, an attacker can take over the Harbor image repository, write malicious images to it, and eventually infect every client that pulls from this repository.

0x02 Scope of influence

Harbor before 1.7.6 and Harbor before 1.8.3

0x03 Environment construction

Download here:

https://github.com/goharbor/harbor/releases

I downloaded the offline installer for version 1.7.0.

After downloading, extract the installation package:

Modify the configuration file harbor.cfg (this applies to version 1.7.0; other versions may use a different configuration file, for example version 1.8.2 uses harbor.yml, so check your own version):

vim harbor.cfg

Here I only modified the hostname parameter, setting it to my IP address (if you want to modify other parameters, refer to: https://github.com/goharbor/blob/master/docs/installation_guide.md).

After modifying the file, save and exit, then run the installer:

./install.sh

The effect under normal installation is as shown in the figure:

The problems I encountered here are:

A. Version impact

Harbor has Docker version requirements: a newer Harbor release only works with a correspondingly newer Docker. I first tried Harbor version 1.8.2, but the installation failed because my Docker version was too old. So I downloaded Harbor version 1.7.0 instead; the versions matched and the installation succeeded.

B. Docker is not running

Docker must be running before installation. I built the environment on Kali, so I started it with: service docker start

Start harbor:

0x04 Exploits

First, visit http://192.168.1.134 (the hostname I configured).

Open the registration page, fill in the registration information, click Register, and capture the request with a proxy:

Send the captured request to the repeater (replay) module.

Add our PoC field to the JSON request body:

"has_admin_role":true

Click Go.

The response reports that the user was successfully created.

To verify, we try to register again with the same account and find that it already exists:

Log in with the newly created account and look at the privileges of the user we created through the PoC:

Success: the account has administrator privileges.

0x05 Repair method

Upgrade Harbor to version 1.7.6 (for the 1.7.x branch) or 1.8.3 (for the 1.8.x branch).
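The root cause described in 0x01 and exploited in 0x04 is a mass-assignment bug: the registration handler binds the whole request body, including has_admin_role, into the stored user record. The following Go example, added here and not taken from Harbor's own code base, shows that vulnerable pattern next to a hardened handler that only decodes the fields a self-registering user is allowed to set; the User struct, the handler names and the sample request body are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is an assumed, simplified registration record (not Harbor's model); has_admin_role matches the PoC key.
type User struct {
	Username     string `json:"username"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// registerVulnerable binds the whole body into the stored record, so a
// client-supplied "has_admin_role":true is persisted (the CVE-2019-16097 pattern).
func registerVulnerable(body []byte) (User, error) {
	var u User
	if err := json.Unmarshal(body, &u); err != nil {
		return User{}, err
	}
	if u.Username == "" || u.Password == "" {
		return User{}, fmt.Errorf("username and password are required")
	}
	return u, nil
}

// registerHardened decodes only the fields a self-registering user may set and
// builds the record server-side: the admin flag is never read from the request.
func registerHardened(body []byte) (User, error) {
	var in struct {
		Username string `json:"username"`
		Password string `json:"password"`
	}
	if err := json.Unmarshal(body, &in); err != nil {
		return User{}, err
	}
	if in.Username == "" || in.Password == "" {
		return User{}, fmt.Errorf("username and password are required")
	}
	return User{Username: in.Username, Password: in.Password, HasAdminRole: false}, nil
}

func main() {
	body := []byte(`{"username":"test","password":"Passw0rd","has_admin_role":true}`) // constructed sample
	v, _ := registerVulnerable(body)
	h, _ := registerHardened(body)
	fmt.Printf("vulnerable admin=%v, hardened admin=%v\n", v.HasAdminRole, h.HasAdminRole)
}
```

Admin rights in the hardened version can only be granted later by an existing administrator through a separate, authorised code path.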
