Page | 3
www.hackingarticles.in
Abstract
We are moving from virtualization to containerization and we are all
familiar with the container
services such as docking or quay.io. You can pick a dock image for a particular application by selecting
several choices. As you know, when a developer works with a container, it not only packs the program
but is part of the OS, and we do not know whether the connect libraries have been patched or
vulnerable.
Page | 5
www.hackingarticles.in
Docker Architecture
Docker uses
a client-server architecture, the main components of the docker are docker-daemon,
docker-CLI and API.
Docker Daemon:
Use manage docker object such as network, volume, docker image & container.
Docker CLI:
A command-line interface used to execute the command to pull, run and build the docker
image.
Docker API:
It is a kind of interface used between Daemon and CLI to communicate with each other
through Unix or TCP socket.
As we know the usage of docker service in any organisation at their boom because it has reduced
efforts of the developer in the host in the application within their infrastructure. When you
install
docker on a host machine, the daemon and CLI communicate with each other through Unix Socket
that represents a loopback address. If you want to access the docker application externally, then bind
the API over a TCP port.
The time you allow the docker API to be accessed over TCP connection through ports such as 2375,
2376, 2377 that means a docker CLI which is running outside the host machine will be able to access
the docker daemon remotely.
Page | 6
www.hackingarticles.in
The attacker always checks for such type of port using Shodan, they
try to connect with docker
remotely in order to exploit the docker daemon. Their several docker application listening over port
2375 for remote connection.
