Search the Community

What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud-based services), applications, storage, databases, and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key, etc. are secrets. Secrets should be strictly kept private. However, sometimes attackers can easily access secrets due to flawed security policies or inadvertent mistakes by developers. Sometimes developers use default secrets or leave hard-coded secrets such as passwords, API keys, encryption keys, SSH keys, tokens, etc. in container images, especially during rapid development and deployment cycles in CI/CD pipeline. Also, sometimes users store passwords in plain text. Leakage of secrets to unauthorized entities can put your organization and infrastructure at a serious security risk. Changelog v1.0.8 (feat.) add option to run secretscanner as server in standalone mode by @ibreakthecloud in #67 Add SECURITY.md by @scovetta in #72 [hide][Hidden Content]]

About This File Plugin to add reputation information, days won, etc. to the user's dashboard in the topics. There are settings for selecting the desired display elements. The settings are divided into two sections – Abbreviated and Full. Include: Standard design of the Post Container. Number of posts. Number of topics. Number of reputations. Number of decisions. Number of days won. The number of registered days on the forum. Custom fields. Achievement badges. In full: Non-standard Post Container with tiles. Adjust shadows for dark and light themes. Add a profile background. Hide the standard group (name + icon). Hide a standard group (name). Add a group. Add a secondary group. Add a rank. Number of posts. Number of topics. Number of reputations. Number of decisions. Number of days won. Number of subscribers. The number of registered days on the forum. Date of registration. The ID of the profile. The last activity on the forum. Time zone. The sign-in device. Custom fields. Additional panel with sending drugs, adding to the emergency, etc. Achievement badges. Flexible Post Container settings. Tested on templates: Standard, Magnum, Fluent. Compatible with: Advanced Online Indicator. Recommendations: For correct operation, it is desirable to have a standard Post Container. Version Compatibility 4.6x [hide][Hidden Content]]

Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily. Currently still under development, submit issues or mail [email protected] if you need any help. [hide][Hidden Content]]

Break out the Box (BOtB) BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post-exploitation actions Provide capability when certain tools or binaries are not available in the Container Use BOtB’s capabilities with CI/CD technologies to test container deployments Perform the above in either a manual or an automated approach Current Capabilities Find and Identify UNIX Domain Sockets Identify UNIX domain sockets which support HTTP Find and identify the Docker Daemon on UNIX domain sockets or on an interface Analyze and identify sensitive strings in ENV and process in the ProcFS i.e /Proc/{pid}/Environ Identify metadata services endpoints i.e [Hidden Content], [Hidden Content] and [Hidden Content] Perform a container breakout via exposed Docker daemons Perform a container breakout via CVE-2019-5736 Hijack host binaries with a custom payload Perform actions in CI/CD mode and only return exit codes > 0 Scrape metadata info from GCP metadata endpoints Push data to an S3 bucket Break out of Privileged Containers Force BOtB to always return a Exit Code of 0 (useful for non-blocking CI/CD) Perform the above from the CLI arguments or from a YAML config file Perform reverse DNS lookup Identify Kubernetes Service Accounts secrets and attempt to use them Changelog v1.8 In this release, the following is addressed: Added @initree‘s Keyctl pwnage to extract entries from the Linux Kernel Keyring ([Hidden Content]) Modified the new Keyctl code to be multi-threaded to make use of Go workers to speed up enumeration [hide][Hidden Content]]

Proof of concept instructions to exploit a Docker container escape vulnerability. View the full article

This is exploit code for CVE-2019-5736 (and it works for both runc and LXC). The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and run that. This affects runc versions prior to 1.0-rc6 (Docket versions less than 18.09.2). View the full article