Shulou(Shulou.com)05/31 Report--

Docker+vulhub how to quickly build a vulnerability environment, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Advantages of docker

Low hardware cost, low loss of virtualized hardware and good performance

It can quickly deploy the running environment, start up very fast, and scale flexibly.

Support packaging management to ensure consistency

The cost of dynamic scheduling migration is low. Ps: bloggers mainly use docker to download flawed frameworks for penetration testing and improve their penetration capabilities. (for example: weblogc deserialization vulnerability, strust2 vulnerability)

Preparation for the installation of docker

The centos7 system has been built on the virtual machine.

Docker requires the kernel version of the CentOS system to be higher than 3.10. check the prerequisites on this page to verify that your version of CentOS supports Docker.

Match the yum source.

Official installation of docker

Make sure the yum package is updated to the latest

Yum update

Uninstall the old version (if the old version was installed)

Yum remove docker docker-common docker-selinux docker-engine

Install the required software packages, yum-util provides yum-config-manager functionality, and the other two are dependent on the devicemapper driver

Yum install-y yum-utils device-mapper-persistent-data lvm2

Set up the yum source

Yum-config-manager-- add-repo https://download.docker.com/linux/centos/docker-ce.repo

You can view all docker versions in all repositories and select a specific version to install

Yum list docker-ce-- showduplicates | sort-r

Download and install container-selinux

Download wget http://mirrors.atosworldline.com/public/centos/7/extras/x86_64/Packages/container-selinux-2.68-1.el7.noarch.rpm and install rpm-ivh container-selinux-2.68-1.el7.noarch.rpm-- nodeps-- force

Install docker

Yum install docker-ce # since only stable repository is opened by default in repo, the latest stable version 17.12.0 is installed here. The above command is installed by default, and the following command does not need to execute yum install # for example: sudo yum install docker-ce-17.12.0.ce

Start and join the boot boot

Systemctl start dockersystemctl enable docker

Verify that the installation is successful (both client and service indicate that the docker installation starts successfully)

Docker versiondocker, centos7, windows10 (blogger host system) communicate with each other

The network connection mode of centos7 in VM is nat, and the network card is configured in dhcp mode.

Docker defaults to docker 0 Nic, keeping the default configuration

Let windows10 communicate with virtual machine

NAT mode. Centos7 can ping windows10,windows10 but not ping centos7.

The problem is that in the host's adapter settings, the NAT-related adapter becomes an automatic IP address acquisition.

Right-click the symbol of the network in the lower right corner of the computer, click "Open Network and sharing Center"-> "change Adapter Settings", you can see several adapter configurations of the virtual machine. The configuration of NAT mode is generally VMnet8.

Right-click-> Properties-> IPv4-> Properties.

Just set the ip address and centos7 in the same network segment.

Let windows10 communicate with docker

Windows10 connects to the Docker container in centos7

Topological graph

Host (windows10)-> virtual machine (192.168.2.131)-> docker container (172.17.0.1)

If the ping Docker container is ping different in the host at this time, because there is no route to the 172.18.0.2 network on the host, the host will send the data sent to the 172.18.0.2 network to the default route, so the container cannot be reached.

Solution: (1) first, ensure the centos7 and Docker containers, use ping to test whether it is unobstructed. (2) turn off the firewall in the virtual: systemctl stop firewalld.service (3) open the cmd of windows10 and add a route to the 172.17.0.21 network. (4) the packet to the 172.17.0.1 network is forwarded by 192.168.2.131.

Concrete operation

In cmd (administrator mode)

Route add-p 172.17.0.0 mask 255.255.0.0 192.168.2.131 / /-p means permanent addition

View the added routes:

Download weblogic12c from route print172.17.0.0 255.255.0.0 192.168.2.131 192.168.2.200 36docker container (can be skipped)

Get the image

Docker pull ismaleiva90/weblogic12//docker pull # gets the image of / / ismaleiva90/weblogic # weblogic. If you do not specify the image version, you will get the default latest version.

Build and start the container

Docker run-d-p 49164ismaleiva90/weblogic:latest 7002-p 49165ismaleiva90/weblogic:latest 5556 ismaleiva90/weblogic12:latest//docker run # Boot / /-d # causes the container background to run / /-p # specify the port number / / details of the image / / 2018-3-6 launch command: docker run-d-p 7001ismaleiva90/weblogic:latest 7002-- restart=always / / after the startup command is changed, the access port becomes 7001 Http://172.17.0.1:7001/consoledocker run-d-p 7001 restart=always ismaleiva90/weblogic12:latest 7001-p 7002

Access weblogic http://172.17.0.1:49163/console in a browser

172.150.19.40 # ip address of the current host 49163 # access port number access result, login page appears

Login account and password:

User name: weblogic password: download vulhub vulnerability environment docker-compose installation and use in the welcome1docker container

Docker Compose is a Docker tool for defining and running complex applications. Using Docker Compose no longer requires the use of shell scripts to start the container. (configured via docker-compose.yml)

Installation

You can customize the version you need by modifying the version in URL.

Sudo curl-L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname-s`-`uname-m`-o / usr/local/bin/docker-composesudo chmod + x / usr/local/bin/docker-compose

Unloading

Sudo rm / usr/local/bin/docker-compose officially downloads vulnerability environment Vulhub

Download docker vulnerability environment: Vulhub

Vulhub is an open source vulnerability range for the general public. Without docker knowledge, a complete vulnerability range image can be compiled and run by simply executing two commands. The aim is to make it easier to reproduce vulnerabilities and to make security researchers more focused on the principle of vulnerabilities.

Build a loophole environment

Git clone https://github.com/vulhub/vulhub.git https://github.com/vulhub/vulhub/archive/master.zip / / Direct download address

Enter the vulhub-master/weblogic/CVE-2017-10271 directory

Run command

Docker-compose up-d / / install this vulnerability environment docker ps / / View the running service port

Visit ip:port to see the web web page

After the docker-compose down / / test is complete, use this command to end the service and put the environment into an initial state. Verify Weblogic xml deserialization vulnerabilities (CVE-2017-10271)

Check whether there is a weblogic xml deserialization loophole with the tool. Download the detection tool by Baidu.

Take advantage of deserialization vulnerability to execute system commands

Using wireshark to grasp the package of infiltration process

Execute the command to execute the traffic caught.

Grab the package to execute the whoami command

Grab the bag of the responder

As shown in the figure:

After reading the above, have you mastered how docker+vulhub can quickly build a vulnerability environment? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.