Page | 8
www.hackingarticles.in
Docker API
Enable Docker API for Remote connection
Initially, you can observe that the target host does not have any port open
for docker service when
we used Nmap port scan for 192.168.0.156 which is the IP of the
host machine where docker
application is running.
At host machine, we try to identify a process for docker, as we have mentioned above by default it
runs over Unix sockets.
Now modify the configuration for REST API in order to access the docker daemon externally.
ps -ef | grep docker
Page | 10
www.hackingarticles.in
Abusing Docker API
Now attacker always looks for such network IP where docker is accessible through API over 2375/TCP
port in order to establish a remote connection with the docker application. As you can see, we try to
scan the host machine to identify open port for docker API using Nmap port scan.
Once the
port is open and accessible, you can try to connect with
docker daemon on the target
machine. But for this, you need to install a docker on your local machine too. So, we have installed
docker on Kali Linux as well as we docker running on our target machine too.
Now to ensure that we
can
access docker daemon remotely, we execute the following command
to identify the installed
docker version.
