Security Bulletin: Vulnerability identified in docker for Red Hat Enterprise Linux

Summary Vulnerability identified in docker package for Red Hat Enterprise Linux potentially impact IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2020-14300 DESCRIPTION: Docker package for Red Hat Enterprise Linux could allow a remote attacker to execute arbitrary code on the system, caus...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Server-Side Template Injection SSTI vulnerability in a Flask application. The repository contains a Docker Compose file that sets up a vulnerable environment for testing and demonstration...

AWS Cryptojacking Worm Spreads Through the Cloud

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services AWS cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency. According to researchers at Cado Security, the...

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable Docker environments, which can be used for training and testing web application security. The tool is designed to be easy to use, requiring only two simple commands to compi...

vulhub

This is an open-source collection of pre-built vulnerable docker environments, called Vulhub. It provides a simple way to create a vulnerable environment for testing and learning purposes. The project is maintained by phith0n and has a community of contributors and backers. The environments are...

GitLab: GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

Summary GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKERAUTHCONFIG build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by...

DDoS attacks in Q2 2020

News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed "NXNSAttack". The hacker sends to a...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose. The target product/service or...

FestIn - S3 Bucket Weakness Discovery

FestIn is a tool for discovering open S3 Buckets starting from a domains. It perform a lot of test and collects information from: DNS Web Pages Crawler S3 bucket itself like S3 redirections Why Festin There's a lot of S3 tools for enumeration and discover S3 bucket. Some of them are great but...

Gtunnel - A Robust Tunelling Solution Written In Golang

A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to learn a new language, so I picked go and gRPC. Client executables have been tested on windows and linux. Dependencies...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple installation and usage instructions...

Linux Container Enumeration

This module attempts to enumerate containers on the target machine and optionally run a command on each active container found. Currently it supports Docker, LXC and RKT. Module Options msf use post/linux/gather/enumcontainers msf postenumcontainers show actions ...actions... msf postenumcontaine...

CTF-Web-Challenges

This is a PHP challenge where the goal is to get a shell on the server. The challenge is hosted on a Docker container, and the PHP code is written in a way that makes it difficult to execute arbitrary code. The challenge involves using the session.uploadprogress feature in PHP, which allows us to...

Docker Privileged Container Escape Exploit

This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYSADMIN, --privileged. This module requir...

Docker Privileged Container Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework POC modified from https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/ class MetasploitModule 'Docker Privileged Container Escape',...

Docker Privileged Container Escape

This module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYSADMIN, --privileged. Module Options msf use...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

Cnitch - Container Snitch Checks Running Processes Under The Docker Engine And Alerts If Any Are Found To Be Running As Root

cnitch snitch or container snitch is a simple framework and command line tool for monitoring Docker containers to identify any processes which are running as root. Why is this a bad thing? If you have not already been to can I haz non-privileged containers? by mhausenblas then I recommend you hea...

vulhubs

This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more...