killchain-compendium/enumeration/docs/docker_enumeration.md

494 B

Docker Enumeration

Save Images

  • Save image and extract it
docker save -o image.tar <image-name>
tar -xf image.tar
  • Run a container from the image and printenv

Manifest

  • Read the manifest inside the image extracted
jq . manifest.json
  • Read the config JSON file mentioned in the manifest
  • Inside this config file there are the shell commands used at building the image
  • Snoop around after interesting files, especially inside the root dir in layer.tar