I've been learning quite a bit about Docker, which is sorta like a container-based virtualization environment. The interesting thing about Docker's authentication is that there are no usernames or passwords; you're supposed to restrict who can connect via SSL certificates.

It turns out that you can easily set up Docker to have zero authentication, which it will happily do without warnings or anything. All that the person configuring it has to do wrong is set up a listening socket with "host" in the config file and not configure TLS. It also turns out that at least half the things that restrict your program to running inside a container are capable of being turned off. This means if you find a completely unauthenticated Docker swarm setup, you can not only launch containers to do your bidding, but you can also have them access host resources.

The downside is I've been scanning around (ports 2375 and 2376, possibly others) and I can't find where anyone has actually misconfigured their Docker host. Oh well!
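
A check for the misconfiguration described above, as an added example that is not part of the original post: it reads a `daemon.json` and flags every TCP listener that does not require client certificates. The `hosts`, `tls` and `tlsverify` keys are dockerd options; the sample configurations and certificate paths are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def is_loopback(host):
    """True only for addresses that other machines cannot reach."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty host (all interfaces) or a DNS name
        return False

def audit_daemon_config(text):
    """Return (severity, listener, reason) per exposed TCP listener in a daemon.json string."""
    cfg = json.loads(text)
    client_auth = cfg.get("tlsverify") is True  # only tlsverify checks client certs
    encrypted = client_auth or cfg.get("tls") is True
    findings = []
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are guarded by file permissions instead
        if client_auth:
            continue  # clients must present a certificate signed by the CA
        reason = ("TLS without tlsverify: encrypted, but any client is accepted"
                  if encrypted else "no TLS: plaintext and unauthenticated")
        severity = "warn" if is_loopback(url.hostname or "") else "critical"
        findings.append((severity, listener, reason))
    return findings

# Constructed sample configurations; the certificate paths are placeholders.
CERTS = '"tlscert": "/etc/docker/server.pem", "tlskey": "/etc/docker/server-key.pem"'
SAMPLES = {
    "open": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "tls_only": '{"hosts": ["tcp://:2376"], "tls": true, %s}' % CERTS,
    "local": '{"hosts": ["tcp://127.0.0.1:2375"]}',
    "hardened": '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, '
                '"tlscacert": "/etc/docker/ca.pem", %s}' % CERTS,
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        results = audit_daemon_config(text) or [("ok", "-", "no exposed TCP listener")]
        for severity, listener, reason in results:
            print(f"{name}: {severity} {listener} {reason}")
```

A loopback-only listener is reported as `warn` rather than `critical` because it is still unauthenticated for every local user and process on the host.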
