Page 53 - index
P. 53
Cross Distribution Exploit Testing
Francisco Amato, CEO, Infobyte LLC
Introduction:
We were looking for an easy way to do testing for the installation of our tool, Faraday
https://github.com/infobyte/faraday with different distributions.
We wanted to do this because the installation process is normally one of the most complicated
and critical processes of any new tool being implemented. It is important that the process is
easy and that everything works without any hiccups so that users can get started using the tool
ASAP and don´t lose valuable time during the installation and set-up.
What we ended up finding to suit our needs was Docker, which is pretty similar to a chroot, but
on large amounts of steroids.
Docker is a tool that automates the deployment of applications inside software containers, by
providing an additional layer of abstraction and automation of operating-system-level
virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as
cgroups and kernel namespaces to allow independent "containers" to run within a single Linux
instance, avoiding the overhead of starting and maintaining virtual machines
The process we developed is pretty simple, in which we use a simple list of distributions.
We generate a Docker
We install Faraday
We connect using the SSH to the container, exporting the X and we execute the graphic
application (GUI QT)
53 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
