I could not get the lab set up the way shared in the instructions. They did not seem clear to me.
However I was able to get the lab set up with a simple docker-compose file, see below:
Save as "docker-compose.yml", then run with docker-compose up
Be aware of the following when trying with lab:
1) Whether you use my compose file or not, you need to increase your max virtual memory for the elasticsearch or kibana containers to run. Run this on your host box before starting the containers: sudo sysctl -w vm.max_map_count=262144
2) You need to use docker inspect to identify the docker bridged network being used if you did not specifically attach the containers to a specific network interface address. You can run the following (if using my compose file) to identify the gateway address; this address will be used in your reverse shell command: sudo docker network inspect docker_my-network
Be aware of the following when trying on CTF / real world:
1) Not sure if this is a must, but between reloading the containers, I needed to clear my cache.
2) What's neat about this exploit is that when you have the reverse shell working, if you cancel and start listening on the same port, the connection will start up again. However, don't expect this to happen on all machines; there is a CTF box I tried this on which worked, but I needed to revert the box every time I lost the shell, and I could not get the shell to come back if I exited.
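The compose file the comment refers to is not included on the page. The following is an added example, not the commenter's file: a minimal Elasticsearch plus Kibana lab stack on a user-defined bridge network named my-network, which is what produces a network called docker_my-network when the file lives in a directory named docker. The service names, the ELK_VERSION variable and the single-node setting are my assumptions; set ELK_VERSION to whatever release your lab calls for, and remember that vm.max_map_count is a host kernel setting that compose cannot raise for you.

```yaml
# Added example, not the original commenter's compose file.
# Save as docker-compose.yml in a directory named "docker" so the
# network below is created as "docker_my-network", then run
# "docker-compose up". ELK_VERSION is an assumed environment variable;
# export it (or put it in a .env file) before starting.
version: "3.7"

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}
    container_name: elasticsearch
    environment:
      # Single-node mode avoids cluster bootstrap checks in a lab.
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
    ports:
      - "9200:9200"
    networks:
      - my-network

  kibana:
    image: docker.elastic.co/kibana/kibana:${ELK_VERSION}
    container_name: kibana
    environment:
      # Kibana reaches Elasticsearch by service name on the shared network.
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch
    networks:
      - my-network

networks:
  # User-defined bridge; inspect it to find the gateway address:
  #   sudo docker network inspect docker_my-network
  my-network:
    driver: bridge
```

Before bringing the stack up, run sudo sysctl -w vm.max_map_count=262144 on the host as the comment says; without it the elasticsearch container exits during bootstrap checks and kibana then fails to connect. Once the containers are running, docker network inspect docker_my-network shows the IPAM gateway for the bridge, which is the host-side address reachable from inside the containers.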