AoC 2022 Day 9: Pivoting – Dock the halls

What is Docker?

Using Docker, you can bundle an application together with its dependencies into a single object known as an image. That image can then be shared and run as a container, either locally on a development server or remotely on a production server. Santa's web application and its database run in separate Docker containers; only the web application is immediately accessible, via an exposed port. A common way to tell whether a compromised application is running in a Docker container is to check for a /.dockerenv file in the root directory of the filesystem.
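As an added example (not code from the original post or from TryHackMe), the following POSIX shell function applies the /.dockerenv check described above and a second, assumed heuristic: looking for a docker or containerd path in /proc/1/cgroup. The optional root-prefix argument is an assumption so the function can be exercised against a constructed directory tree instead of the live host.

```shell
#!/bin/sh
# Added example: report Docker container indicators for the filesystem rooted
# at $1 (defaults to the live host when no argument is given).
# Prints the indicators found, separated by spaces; returns 0 if any were
# found and 1 otherwise.
docker_indicators() {
    root="${1:-}"
    found=""
    # 1. The /.dockerenv marker file Docker creates in a container's root.
    if [ -e "$root/.dockerenv" ]; then
        found="${found}dockerenv "
    fi
    # 2. (assumed heuristic) cgroup v1 hosts place a container's PID 1 under
    #    a /docker/<id> or containerd path in /proc/1/cgroup.
    if [ -r "$root/proc/1/cgroup" ] \
        && grep -Eq '(docker|containerd)' "$root/proc/1/cgroup"; then
        found="${found}cgroup "
    fi
    printf '%s\n' "${found% }"
    [ -n "$found" ]
}

# Stand-alone run: inspect the host this script is executed on.
if docker_indicators; then
    echo "Docker indicators present: this process looks containerised"
else
    echo "No Docker indicators found"
fi
```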

What is Metasploit?

Metasploit is a powerful penetration testing tool for gaining initial access to systems, performing post-exploitation, and pivoting to other applications and systems. Metasploit is free, open-source software owned by the US-based cybersecurity firm Rapid7.

What is Pivoting?

Once an attacker has gained access to a system, they can use it to send additional network traffic, which lets them reach hosts that were previously unreachable.

For example, an initial foothold could be gained through a web application running in a Docker container or through an exposed port on a Windows machine. That system then becomes the launchpad for attacks on other systems in the network.


Image of initial foothold between a pentester host and a compromised container

We can route network traffic through this compromised machine to run network scanning tools such as nmap or arp to find additional machines and services which were previously inaccessible to the pentester. This concept is called network pivoting.


Image of pivoting using a compromised container to other endpoints on the network

~ Source: Tryhackme.

Challenge Solution
