Hacking Open Docker Registries: Pulling, Extracting, and Exploiting Images.
Summary
A new security risk has been identified in misconfigured Docker registries, which expose private container images that may contain sensitive data, including hardcoded credentials, API keys and misconfigured services, creating potential pathways for unauthorized access.
If a registry permits anonymous image uploads, security researchers, bug-bounty hunters and hackers are able to exploit this by injecting backdoored images in order to achieve remote code execution (RCE).
Steps to discover, extract and analyse such images are set out: using deep search engines like FOFA and Shodan to find public Docker registries, using Nmap to scan for Docker Registry APIs and common Docker ports, and then using curl to enumerate the repositories, checking available tags and pulling the Docker image.
Suggested mitigation measures include disabling anonymous access to registries, requiring authentication, restricting access to certain ports and using secure configurations.
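
The mitigation measures above, shown as an added example (not taken from the original article) for the open-source Distribution registry's config.yml, with an open configuration beside a hardened one. The listen address, file paths and realm name are assumptions to adapt to your own deployment.

```yaml
# Added example: config.yml for the Distribution registry (the "registry" image).
# Addresses, paths and the realm name are assumptions, not values from the article.

# Weak: no "auth" section, so anyone who can reach the port can pull and push.
# No TLS, and the API listens on every interface.
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: 0.0.0.0:5000
---
# Hardened: authentication required for every request, TLS enabled,
# and the listener bound to an internal interface instead of 0.0.0.0.
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: 10.0.0.5:5000              # constructed internal address
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key
auth:
  htpasswd:
    realm: registry
    path: /auth/htpasswd           # bcrypt entries only, e.g. from `htpasswd -B`
```

After restarting with the hardened file, an unauthenticated request to the registry's /v2/ endpoint should return 401 with a WWW-Authenticate header rather than 200. Port 5000 should additionally be limited by firewall or security-group rules to the hosts that need it.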