I am running a metasploitable2 docker container on a server. Here is the docker command to create this docker container:
docker run --name victumb-it tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash" --security-opt apparmor=unconfined -privileged true --network host
I then ran an exploit on Kali linux container on a different server targeting the docker image, however it failed.
use exploit/unix/ftp/vsftpd_234_backdoor
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOST 134.122.105.88
RHOST => 134.122.105.88
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > run
[-] 134.122.105.88:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (134.122.105.88:21).
I am confused as to why this exploit failed. Due to the --network host i thought that the traffic would be mirrored into the container. Is their anyway to fix this networking error, so that the hack is successful?
Here is the tutorial I was loosely following: https://medium.com/cyberdefendersprogram/kali-linux-metasploit-getting-started-with-pen-testing-89d28944097b
Because the option --network host should be placed before the image
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
This should work:
docker run --name victumb-it --network host --security-opt apparmor=unconfined --privileged tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash"
Here sh is the command, and everything after that is arguments passed to sh command.
The docker run options like --network, --security-opt and --privileged are placed before the image.
If you run docker inspect container_id you'll see at the Args key the arguments passed to the command. It means they are not arguments to docker run.
Related
Any commands hang terminal inside docker container.
I login in container with docker exec -t php-zts /bin/bash
And then print any elementary command (date, ls, cd /, etc.)
Command hang
When I press ctrl+c I going back to host machine.
But, if I run any command without container - it's work normally
docker exec -t php-zts date
Wed Jan 26 00:04:38 UTC 2022
tty is enabled in docker-compose.yml
docker system prune and all cleanups can not help me.
I can't identify the problem and smashed my brain. Please help :(
The solution is to use the flag -i/--interactive with docker run. Here is a relevant section of the documentation:
--interactive , -i Keep STDIN open even if not attached
You can try to run your container using -i for interactive and -t for tty which will allow you to navigate and execute commands inside the container
docker run -it --rm alpine
In the other hand you can run the container with docker run then execute commands inside that container like so:
tail -f /dev/null will keep your container running.
-d will run the command in the background.
docker run --rm -d --name container1 alpine tail -f /dev/null
or
docker run --rm -itd --name container1 alpine sh # You can use -id or -td or -itd
This will allow you to run commands from inside the container.
you can choose sh, bash, or any other shell you prefer.
docker exec -it container1 alpine sh
I am running Docker for Windows v19.03.12. I am running a linux container from Windows 10. I am sharing my entire c:\ drive with Docker (see image). I am trying to testing a container locally and need to pass a credentials file to the container.
When I run the following command:
docker run --rm -p 9215:80 -p 44371:443 --name test -t createshipment:latest -v c:/temp:/data
When I explore the container I do not see a /data folder at all (see image).
I am not sure what else to try to share a folder when testing docker locally.
The command docker run expects the image name as the last argument, before any arguments to the image's entrypoint. In the OP's post, the image name precedes the -v ... argument, so -v ... is actually passed to the image's entrypoint.
docker run --rm -p 9215:80 -p 44371:443 --name test -t \
-v c:/temp:/data createshipment:latest
For the sake of completeness, here are the relevant excerpts from the documentation for the command-line options used here:
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
...
--name string Assign a name to the container
-p, --publish list Publish a container's port(s) to the host
--rm Automatically remove the container when it exits
-t, --tty Allocate a pseudo-TTY
-v, --volume list Bind mount a volume
How is possible to assign a name to a container while using docker run with interactive mode?
For example, running this command
docker run -d -it docker_image_already_created sh
when checking with docker ps the name is autogenerated. How can the container name be passed?
Provide the --name option:
docker run -d --name your_name -it docker_image_already_created sh
I want to run docker inside another docker container. My main container is running in a virtualbox of OS Ubuntu 18.04 which is there on my Windows 10. On trying to run it, it is showing me as:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
How can I resolve this issue?
Yes, you can do this. Check for dind (docker in docker) on docker webpage how to achieve it: https://hub.docker.com/_/docker
Your error indicates that either dockerd in the top level container is not running or you didn't mount docker.sock on the dependent container to communicate with dockerd running on your top-level container.
I am running electric-flow in a docker container in my Ubuntu virtual-box using this docker command: docker run --name efserver --hostname=efserver -d -p 8080:8080 -p 9990:9990 -p 7800:7800 -p 7070:80 -p 443:443 -p 8443:8443 -p 8200:8200 -i -t ecdocker/eflow-ce. Inside this docker container, I want to install and run docker so that my CI/CD pipeline in electric-flow can access and use docker commands.
From your above description, ecdocker/eflow-ce is your CI/CD solution container, and you just want to use docker command in this container, then you did not need dind solution. You can just access to a container's host docker server.
Something like follows:
docker run --privileged --name efserver --hostname=efserver -d -p 8080:8080 -p 9990:9990 -p 7800:7800 -p 7070:80 -p 443:443 -p 8443:8443 -p 8200:8200 -v $(which docker):/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -i -t ecdocker/eflow-ce
Compared to your old command:
Add --privileged
Add -v $(which docker):/usr/bin/docker, then you can use docker client in container.
Add -v /var/run/docker.sock:/var/run/docker.sock, then you can access host's docker daemon using client in container.
I'm running https://hub.docker.com/r/jenkinsci/blueocean/ in docker. Trying to build a docker image in jenkins.
but i get the following error:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
clearly the jenkins version in docker does not have access to the docker binary.
I confirmed this by,
docker exec -it db4292380977 bash
docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
"db4292380977" is the running container. It shows the same error.
Question:
how do I allow access to docker in the jenkins container?
The docker client is installed on the jenkinsci/blueocean image, but not the daemon. Docker client will use the daemon (by default via the socket unix:///var/run/docker.sock). Docker client needs a Docker daemon in order to work, you can read Docker Architecture for more info.
What you can do:
Use docker-in-docker (DinD) image
Library Docker image provides a way to run a Docker daemon in Docker, you can then use it from another container. For example, using plain docker CLI:
docker run --name docker-dind --privileged -d docker:stable-dind
docker run --name jenkins --link=docker-dind -d jenkinsci/blueocean
docker exec jenkins docker -H docker-dind images
REPOSITORY TAG IMAGE ID CREATED SIZE
Docker daemon runs in docker-dind container and can be reached using the same hostname. You just need to provide the docker client with the daemon host (-H docker-dind in the example, you can also use DOCKER_HOST env variable as described in the doc).
Mount host machine /var/run/docker.sock in your container
As described by #Herman Garcia answer:
docker run -p 8080:8080 --user root \
-v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean
You need to mount your local /var/run/docker.sock and run the container as root user
NOTE: this might be a security flaw so be careful who has access to the jenkins container
docker run -p 8080:8080 --user root \
-v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean
you will be able to execute docker inside the container
➜ ~ docker exec -it gracious_agnesi bash
bash-4.4# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
c4dc85b0d88c jenkinsci/blueocean "/sbin/tini -- /usr/…" 18 seconds ago Up 16 seconds 0.0.0.0:8080->8080/tcp, 50000
/tcp gracious_agnesi
Just only try to do the same command but with sudo in the beginning
For example
sudo docker images
sudo docker exec -it db4292380977 bash
To avoid use sudo in the future you should run this command in Unix O.S
sudo usermod -aG docker <your-user>
Change for the user that you are using at this moment. Remember to log out and back in for this to take effect! More information about Docker installation click here