web analytics

Docker Penetration Testing

Rate this post

Docker Architecture

Docker uses a client-server architecture, the main components of the docker are docker-daemon, docker-CLI and API.
Docker Daemon: Use manage docker object such as network, volume, docker image & container.

Docker CLI: A command-line interface used to execute the command to pull, run and build the docker image.
Docker API: It is a kind of interface used between Daemon and CLI to communicate with each other through Unix or TCP socket.

As we know the usage of docker service in any organisation at their boom because it has reduced efforts of the developer in the host in the application within their infrastructure. When you install docker on a host machine, the daemon and CLI communicate with each other through Unix Socket that represents a loopback address. If you want to access the docker application externally, then bind
the API over a TCP port.
The time you allow the docker API to be accessed over TCP connection through ports such as 2375, 2376, 2377 that means a docker CLI which is running outside the host machine will be able to access the docker daemon remotely.

The attacker always checks for such type of port using Shodan, they try to connect with docker remotely in order to exploit the docker daemon. Their several docker application listening over port 2375 for remote connection.

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

More Latest Published Posts