If one of the processes doesn't work, we can evaluate the cause of the problem and make a
corresponding patch to remedy it.
We are using this process daily in our own continuous-integration system.
Cross Distribution Exploit Testing:
The same implementation can be used to run exploitation tests on different distributions.
This allows us to evaluate different scenarios and hopefully helps us make our
exploits a bit more robust :)
Not all vulnerabilities can be tested using this tool: kernel-related problems can't be
exploited, because Docker isn't a virtualization system and its containers share the host's
kernel. What can be tested includes a few simple vulnerabilities such as file permission, file
race condition, environment variable code injection, etc.
The tool contains the following elements:
docker_build.py: This script generates an image for each distribution and runs
docker_launch.py.
docker_launch.py: This script connects over SSH and executes our command in the selected
container.
images.txt: A list of images to use.
extras/: Libraries and the base Dockerfile used to generate the images.
root/: Contains the private keys for the SSH connection, which are necessary for running the
GUI tests.
Case 1 - Shellshock:
A simple example to try would be Shellshock:
$ ./docker_build.py -c "env x='() { :;}; echo vulnerable' bash -c \\\"echo this is a test\\\""
Start build docker: debian:7.3
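The following is an added example, not code from the tool or the article: it runs the Case 1 probe over a list of images and turns each output into a verdict, which is how a patch-status matrix can be read at a glance. It assumes `docker run` is used directly instead of the tool's SSH path and that images.txt holds one image per line; the function names, image names and sample outputs are constructed for illustration.

```python
import subprocess

# The probe from Case 1, as an argv list so no nested shell quoting is needed.
PROBE = ["env", "x=() { :;}; echo vulnerable", "bash", "-c", "echo this is a test"]

def parse_images(text):
    """Assumed images.txt format: one image per line, '#' starts a comment."""
    lines = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    return [ln for ln in lines if ln]

def docker_runner(image, timeout=120):
    """Run the probe in a throwaway container; returns (exit_code, stdout)."""
    proc = subprocess.run(["docker", "run", "--rm", image] + PROBE,
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout

def classify(exit_code, stdout):
    """Map one probe result to VULNERABLE / NOT_VULNERABLE / INCONCLUSIVE."""
    lines = [ln.strip() for ln in stdout.splitlines()]
    if "vulnerable" in lines:
        return "VULNERABLE"          # the command trailing the function ran
    if exit_code == 0 and "this is a test" in lines:
        return "NOT_VULNERABLE"      # bash ran, the injected echo did not
    return "INCONCLUSIVE"            # no bash in the image, pull failure, etc.

def run_matrix(images, runner=docker_runner):
    """Probe every image and return {image: verdict}."""
    results = {}
    for image in images:
        try:
            results[image] = classify(*runner(image))
        except (OSError, subprocess.SubprocessError):
            results[image] = "INCONCLUSIVE"   # docker missing or timed out
    return results

# Constructed sample data (not real tool output) so the example runs offline.
SAMPLE_IMAGES = "example/unpatched:1\n# comment line\nexample/patched:1\nexample/nobash:1\n"
SAMPLE_OUTPUT = {
    "example/unpatched:1": (0, "vulnerable\nthis is a test\n"),
    "example/patched:1": (0, "this is a test\n"),
    "example/nobash:1": (127, ""),
}

if __name__ == "__main__":
    fake = lambda image: SAMPLE_OUTPUT[image]
    for image, verdict in run_matrix(parse_images(SAMPLE_IMAGES), fake).items():
        print(f"{image:20} {verdict}")
```

Treating a missing `bash` or a failed container start as INCONCLUSIVE keeps an image that never ran the probe from being counted as patched.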
54 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide