Docker services are extensively used in IT operations, so it is very important that you start learning from docker basics. In this article, we will cover the installation and setup of the docker, along with its specific uses.

Learn web application in

Table of Content

• Introduction to docker
• Docker and its terminology
• Advantages of docker
• Installation and usage

Introduction to Docker

Docker is a third-party tool developed to create an isolated environment to execute any application. These applications are run using containers. These containers are unique because they bring together all the dependencies of an application into a single package and deploy it. 

Now, to work with docker you will need to install docker-engine in your host. It is a foundation to the docker system, which basically runs as a client-server application. Its daemon process is referred to as server and the command-line interface is referred to as a client and REST API is used to create a communication link between client and server.

In Linux, docker client interacts with docker server through the CLI. Here, the terminal is docker client and docker host will run the docker daemon.

Whereas in windows, to work with docker, we need to install docker toolbox component in docker host in order to set up an environment on your Windows or iOS.

Docker and its terminology

When working with docker, one should be familiar with the following terms :

• Docker Hub: It is a repository which available to all who uses docker through cloud. Through docker hub, one can create, store, test, pull and share container images.
• Docker Images : Docker image acts as a template in order to create container. Build command is used to create docker images. Docker images makes it easy.
• Docker containers : Containers are said to be isolated environment provided to the docker image and its dependencies so that it can run independently. The focus of deploying a container is to update or repair an application or just simply modify it and share it. When working on an image, container lets you create a layer of a single command used which make it easy to modify it, or upgrade or degrade is version.
• Docker Registry : All the docker images are stored in docker registry. User can either can have local registry on their system or they can have a public one like docker hub.

Advantages of docker

• Easy to use
• Faster scaling systems
• Better software delivery
• Flexibility
• Provides isolated environment
• Supports software-defined networking
• Rapid deployment
• Security

Installation and usage

To install docker, simply open the terminal of Linux and type the following command :

To check the version one can use the following command :

Further, you can run help command in docker, which is as follows, to know all the options that docker provides at your service.

Once the docker is up and running, you can run or pull any image in your docker container. For instance, here we have run hello-world. When you run the following command, it will first check your local repository; if the image is not available there then it will pull it from docker hub.

As we have explained before, CLI works as a client, so directly from the terminal, you can search for any image you like. Like, here we have searched for ubuntu. One thing to remember here is that image with more stars will be the most authentic one.

Once you find your image, you can pull it into your container with the following command :

Now to check how many images you have in your docker, simply type the following command :

To remove any image, use the following command :

Here, rmi refers to remove image.

Now, in the details given by ps command, you can see that the name of our ubuntu image is adoring curie, which is a random name generated by docker for every image. To, rename this name we can use the following command :

And you can confirm with the ps command again that the name has been changed as shown in the image below :

The docker attaches command permits you to attach to a running container using the container ID or name, you can use one instance of shell only though attach command. But if you crave to open new terminal with new instance of container’s shell, we just need run docker exec.

Using the ps command we can see all the processes that are running in docker. There, for this, type :

To stop the running container, you can use stop command as shown in the below image, we have stopped the container and its process which can be confirm with the help of process command. As result there should be no running process for ignite.

If you can export the docker filesystem as a archive, use export command to compress the filesystem of a docker container into tar. The export commands fetch the whole container like a snapshot of a regular VM.

It will give you a flat .tar archive containing the filesystem of your container.

When you will export container as tar file, the file has hash value which can read as:

In order to save the image of container which you can upload on other docker use save command.  You can subsequently load this “saved” images into a new docker instance and create containers from these images.

In order to clear all image and or stop all process of the container. It will pack the layers and metadata of all the chain required to build the image.

To learn how to set up vulnerable web application setup using docker from here.

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here

In this article, we will learn the process of installing an Apache Tomcat on any Linux Machine. We will also learn how to gain control over our victim’s PC through exploiting Apache Tomcat.

Requirements:

Server/Victim Machine: Ubuntu 18.04

Pentesting Machine: Kali Linux

Table of Content

Introduction of Apache Tomcat

Installation of Apache Tomcat

• Install Apache
• Install Java JDK
• Download tomcat manager
• Tomcat manager configuration
• Create a tomcat user and group
• Assign permission
• Create a systemd Service File
• Update firewall to allow tomcat
• Configure Tomcat Web Management Interface
• Access the Web Interface

Exploiting Apache Tomcat

Introduction of Apache Tomcat

Apache Tomcat which is also known as Tomcat Server is a Java-Based HTTP Web Server. It implements Java EE Specifications like Java Servlet, JavaServer Pages (JSP), Java EL, and WebSocket. It is an open-source software made by developers at Apache Software Foundation. Apache has been released as early as 1999. That makes Apache Tomcat 20 years old at the time of publication of this article.

Apache Tomcat in its simplest configuration runs in a single operating system process. This process is commonly known as the Java virtual machine (JVM). This allows Apache Tomcat platform-independent as well as secure as compared to others.

Installation of Apache Tomcat

Let’s start with apache tomcat installation but before that, you should go with below command.

Now, Apache Tomcat needs Java to be installed so that the Java Application code can be executed on the server. To make this possible, installed the Java Development Kit.

Create User and Group

To run the tomcat as an unprivileged user, create a group and a new user named as tomcat. We have created the user in /opt because we are going to install tomcat in that directory. We don’t need the tomcat user to use the shell so we will be using the -s parameter to set /bin/false shell. By doing this authentication will get disabled for the tomcat user.

Download Tomcat Manager

Now, we are going to download the apache tomcat Package from here.  After downloading it’s time to extract the package it inside /opt directory and move forward.

Assign Permissions

Now we are going to use the chgrp command to give the ownership of the tomcat directory to the tomcat group.

To allow the tomcat group user to perform the read and execute operation change permission for /conf file as given below.

Also give ownership to the tomcat group user for directories like webapp/, work/, temp/ and logs/.

We want Apache Tomcat to be run as a service and for that, we will have to set up a system service. To do this, we are going to require the location of the Java Installation. For this, we will be running the command given below.

Create an SYSTEMD Service File

To create a system service file, open the tomcat. service file in the /etc/systemd/system directory using nano editor.

Now append the following content and modify the JAVA_HOME as shown below 

Now Save this file. This will make tomcat a service.

Reload the systemd daemon to register our newly created tomcat service. If everything is done correctly, we will able to run, stop and see the status of the Apache Tomcat as a service.

Update Firewall to Allow Tomcat

It’s time to allow the tomcat via our firewall Since Ubuntu has the ufw installed and set up by default. Apache Tomcat generally uses the post 8080 to receive requests from users.

Execute below command to start tomcat starts automatically whenever the machine boots up.

Configure Tomcat Web Management Interface

At this stage, if you will browse the Server IP with the port 8080, you will be greeted with an Apache Tomcat Page. But if you will click on the links to the Manager App, you will get Access Denied. This means that you haven’t yet set up the Tomcat Web Manager Interface. So, let’s do that and complete the Apache Tomcat Setup.

Open the file using the nano editor and make the following changes as shown in the image given below.

You can change the username and password as per your choice. We will save and close the editor after making appropriate changes.

By default, Apache Tomcat restricts access to the Manager and Host Manager apps to connections coming from the server. As we are installing Tomcat for a remote machine, we will probably want to alter this restriction. To change the restrictions on these, we will be editing these context.xml files.

Inside, comment out the IP address restriction to allow connections from anywhere. Alternatively, if you would like to allow access only to connections coming from your own IP address.

We do the same thing with the host-manager file. To allow access to Host Manager too.

saved the changes restart the tomcat service.

Access the Web Interface

We got to the interface by entering your server’s domain name or IP address followed on port 8080 in our browser. Now we will try to see if the Manager and Host Manager interfaces are working. Click the Buttons highlighted in the image.

The Login authentication page will pop-up as expected, we enter the credentials that we created earlier.

Upon verification of the credentials, Apache Tomcat lands us to this Tomcat Virtual Host Manager Interface. From this page, you can add virtual hosts to serve your applications. This concludes our Apache Tomcat Setup.

Exploiting Apache Tomcat

Now that we have successfully installed the Apache Tomcat Framework, Let’s do its Penetration Testing. We are going to use Metasploit for exploiting the Apache Tomcat.

This module can be used to execute a payload on Apache Tomcat servers that have an exposed “manager” application. The payload is uploaded as a WAR archive containing a JSP application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.

As a result, you can observe that we have the meterpreter session of the target machine.

Learn multiple ways to exploit tomcat manager from here.

Author: Ahmad is a Technical Writer, Researcher and Penetration Tester. Contact here

This post is related to WordPress security testing to identify what will be possible procedure to exploit WordPress by compromising admin console. We have already setup WordPress in our local machine but if you want to learn WordPress installation and configuration then visit the link given below.

https://www.hackingarticles.in/wordpress-penetration-testing-lab-setup-in-ubuntu/

As we all know wpscan is a standalone tool for identifying vulnerable plugins and themes of WordPress, but in this post, we are not talking wpscan tutorial.

Table of Content

• Metasploit Framework
• Injecting Malicious code in WP_Theme
• Upload Vulnerable WP_Pulgin
• Inject Malicious Plugin

Requirement:

Host machine: WordPress

Attacker machine: Kali Linux

WordPress Credential: admin: admin (in our case)

Let’s begin!!

As you can observe that I have access of WordPress admin console over the web browser, for obtaining web shell we need to exploit this CMS. There are multiple methods to exploit WordPress, let’s go for some operations.

Metasploit Framework

The very first method that we have is Metasploit framework, this module takes an administrator username and password, logs into the admin panel, and uploads a payload packaged as a WordPress plugin. Because this is authenticated code execution by design, it should work on all versions of WordPress and as a result, it will give meterpreter session of the webserver.

Great!! It works wonderfully and you can see that we have owned the reverse connection of the web server via meterpreter session.

Injecting Malicious code in WP_Theme

There’s also a second technique that lets you spawn web server shells. If you have a username and password for the administrator, log in to the admin panel and inject malicious PHP code as a wordpress theme.

Login into WP_dashboard and explore the appearance tab.

Now go for theme twenty fifteen chose the templet into 404.php

You see a text area for editing templet, inject your malicious php code here to obtain reverse connection of the webserver.

Now, to proceed further, we used the reverse shell of PHP (By Penetstmonkey). And then we copied the above php-reverse-shell and paste it into the 404.php wordpress template as shown in the picture below. We have altered the IP address to our present IP address and entered any port you want and started the netcat listener to get the reverse connection.

 

Update the file and browse the following URL to run the injected php code.

you will have your session upon execution of 404.php file. Access netcat using the following command:

Upload Vulnerable WP_Plugin

Some time logon users do not own writable authorization to make modifications to the WordPress theme, so we choose “Inject WP pulgin malicious” as an alternative strategy to acquiring a web shell.

So, once you have access to a WordPress dashboard, you can attempt installing a malicious plugin. Here I’ve already downloaded the vulnerable plugin from exploit db.

Click here to download the plugin for practice.

Since we have zip file for plugin and now it’s time to upload the plugin.

Dashboard > plugins > upload plugin

Browse the downloaded zip file as shown.

Once the package gets installed successfully, we need to activate the plugin.

When everything is well setup then go for exploiting. Since we have installed vulnerable plugin named “reflex-gallery” and it is easily exploitable.

You will get exploit for this vulnerability inside Metasploit framework and thus load the below module and execute the following command:

As the above commands are executed, you will have your meterpreter session. Just as portrayed in this article, there are multiple methods to exploit a WordPress platformed website.

Inject Malicious Plugin

As you have seen above that we have uploaded the vulnerable plugin whose exploit is available. But this time we are going to inject our generated malicious plugin for obtain reverse shell.

This is quite simple as we have saved malicious code for reverse shell inside a php file named “revshell.php” and compressed the file in zip format.

Again, repeat the same step as done above for uploading plugin “revshell.zip” file and start netcat listener to obtain the reverse connection of the target machine.

Once the package gets installed successfully, we need to activate the plugin.

As soon as you will activate the plugin it will through the reverse connection as netcat session.

Author: Komal Singh is a Cyber Security Researcher and Technical Content Writer, she is completely enthusiastic pentester and Security Analyst at Ignite Technologies. Contact Here

Hello friends, today in this article we are going to familiarize you with one of the most vital tools of kali that everybody needs in today’s era.

Eliminating bugs or finding any issue, is used to cover by everyone in their journey of pentesting. But apart from this one should also want to indulge ownself into a task that needs to perform in wide range i.e. “report writing”.

Writing a good report is an essential ability, almost an art, for penetration testers, and as for all the skills, can be enhanced through practice. There are many tools that help in report writing but in this tutorial, we are going to use “Dradis”.

Table of content

• Introduction to Report Writing
• What is Dradis?
• Working with Dradis
• Conclusion

Introduction to Report Writing

Penetration testing report is the core deliverable in any security valuation action. In this, the final deliverable is the report which shows the service provided, the methodology used, findings/results and the recommendation. This can be achieved by the use of many tools that kali supports.

Similarly, we are going to cover one such tool in this tutorial i.e. “Dradis”.

What is Dradis?

The Dradis Framework is an open-source collaboration and reporting platform for IT security experts. It is a platform-independent tool developed in Ruby. In other words, we can also say that It is a tool that helps in putting information together in one place. It also tends us the ability to organize all the information in one place. It allows us not only to import but also export output from the various tools that it supports.

Dradis is comprised of a list of a tool like: “Burp scanner, Nessus, NeXpose, Nikto, Nmap, and many more that are pretty common in doing penetration testing or ethical hacking.

Working with Dradis

In the next few steps, we will learn how to use Dradis. For beginning this journey first we need to find Dradis. This can be done by two methods.

First Method:

In this method, we will just write dradis on kali terminal and this will take you to its active status. Once this will be completed then it will take you to its browser for login.

Dradis is a self-contained web application. Hence, it will automatically open in the browser. The URL is  https://127.0.0.1:3000.

Second Method:

For attaining this method you need to Launch the Kali-Linux tool after that Click on “Applications”, go to “Reporting Tools” and click on “Dradis”.

Next step is to create a server password to access the application. Then enter the credentials which we configured for the server.

We are logged into the Dradis framework successfully. Now as in below screenshot you can see it’s showing three main operations that can help in any report writing i.e. “all issues, methodologies, trash, nodes” so, we will use all these operations as per the requirement of a task in.

All issues: In this, we have many options like we can add any issue manually, upload output, import result from the library. These options also can help to import the result of any tool in dradis.

Methodologies:  When it comes to penetration testing methodologies you can basically narrow the field down to three. These are:

• Open Source Security Testing Methodology Manual (OSSTMM)
• Penetration Testing Execution Standard (PTES)
• National Institute of Standards and Technology

While all three are good methodologies but PTES and NIST 800-115 provide a bit more flexibility during penetration tests. Also, the methodologies more closely align with what’s taught in security course curriculum such as SANS. So whenever we need to add any methodology then we can use this option as reference.

Now, we will start working with dradis. For begin this first we will create a new node by clicking on “nodes” tab after that click on the newly created node and then click the “add subnode” option to add sub-branch under a newly created node. Follow the same process to create multiple node and sub-node as per your requirement.

We can create a tree as per our convenience. In the below screenshot, I have created two main nodes i.e. “Exploit” and “Host IP” which is sub-divided into Metasploit, scanning and nmap. As shown below.

Upload File

After successful completion of creating no. of nodes and sub-nodes now our next step is to upload the output of file with the help of the tool.

For this first, we need to select the name of the tool which we have used. In this, we have used nmap so I will choose this option by using a drop-down button of “choose tool”.

After this, we will search for the file that needs to upload and then click to open button at the top of the screen.

Once the process of uploading the will completed then you can see its output result in its output console as shown in below image.

To view the file, double-click the uploaded image and a new tab will be open in the browser to display the uploaded screenshot.

Similarly, we can upload scan results of other tools like Nessus, Burp, Nikto, Owasp ZAP, etc.

To view entire details of your result you can plugin. output option as shown below. In the below image it’s showing the result of nmap scan which I have saved in my file “scan.xml”

Creating notes

If you want to add a description about what you have done in each node and sub-nodes then it can simply be done by following below steps:

• Select node

• Click on notes
• Click on add notes
• Write the description in space that is provided
• Click on create a note to confirm it.

In the below image, I have mentioned “IP” of my host machine as my note description. Similarly, you can create a note for any of node or sub-node to briefly describe your report.  After creating your notes you can further edit, delete, and rename it as per desire. You can also add any of attachment, screenshot or image by simply drag and drop to attachment field.

Conclusion 

This article focused on the main objective of using “Dradis” for creating any report rest all the options like “adding Issues, Methodologies” can be further use by the user as per requirements.

Author: Komal Singh is a Cyber Security Researcher and Technical Content Writer, she is completely enthusiastic pentester and Security Analyst at Ignite Technologies. Contact Here