Introduction to Docker for CTFs
I'm using docker more often for CTFs, but it's also useful to host challenges. More CTFs share Dockerfiles to run it locally, so I figured it's time to give an introduction to docker. If you have some other tips or tricks about your workflow, please share it below!
Example challenge and CTF container: github.com/LiveOverflow/pwn_d...
DigitalOcean*: m.do.co/c/826f195e2288
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Пікірлер: 163
Who felt triggered by me using python2?
@tymekl1509
4 жыл бұрын
Me
@maherazzzouzi279
4 жыл бұрын
For me python2 is way better than python3 and IDK why xD
@simonkoeck
4 жыл бұрын
for these purposes python 3 would be better :)
@radosawcymer4557
4 жыл бұрын
Me, 2 minutes too late, but eh
@gcm4312
4 жыл бұрын
I was just scrolling down to comment on this blasphemy!
liveoverflow : docker tutorial everyone: where r u these days ?
OK, if you starting with docker, you probably want to know that: 8:55 When you start container you can ofc give it a name with `--name some_name` (if you do not give any name it will assign some radom one, in this case it was `cool_yonath`) later if you want to exec something it there, instead of using id, you can use that name. Also if you are using if, you don't need to use full id (in fact that id that is displayed when you use `docker ps` is also first 12 characters of id) you need to use enough characters to have single matching result (it might be even only 1 character) ps: if you using distro with selinux enabled, mount your volumes with `:z` at the end, eg: `-v $PWD:/pwd:z` ps2: if you run container with `--link container_name:hostname` you are getting connectivity to mentioned container (`ping hostname`)
@martingregorik2046
4 жыл бұрын
you can use first 3 characters of image id to reference the container, which is shorter than typing the name, in most cases
@k3daevin
4 жыл бұрын
@@martingregorik2046 you might even use the first 2 characters if they are unique. But if you recreate the container it has another id, so it is better to give the containers a name. PS: You can use TAB-completition on the container names, so no need for long typing and you have meaningful names.
Useful information as always. Thanks LiveOverflow
Great way of explaining things, kudos to you!!
Please explain Ctrl-C and Ctrl-V.
@ShivamJha00
4 жыл бұрын
Lmao what
@berestenkus
4 жыл бұрын
@@selimeneskaraduman6935 i think point was that explanation of docker and everything is so great that it would also great to explain such plain simple thing as copypaste
@reimarpb
3 жыл бұрын
@@ShivamJha00 3:40
@fun_childdhood
3 жыл бұрын
Ctrl+C will create a parallel universe
I made a docker-like program (called doqueru-kun) and a tutorial that made me understand how docker works. Waiting for your next video to link it in my project!
@LiveOverflow
4 жыл бұрын
I saw that blog! Very cool project!
@danielmitre
4 жыл бұрын
Thank you! That means a lot for me coming from you!
@SekharPariga
4 жыл бұрын
@@LiveOverflow can you give me the link for the Blog which your referring here, I'm interested read it as well.
>beginning of video: Docker. Docker container. Docker. >Middle of video: docker docks docking docks docker dock >end of video: dakka dakka durka durka docka docka dock i think im going insane XD
Loved it, this was awesome and now I know what to use! Thx
You could use a bridge network for inter-container communication. With it you don't need to expose any port to the local network and can use the name of the container as IP address
@sundhaug92
4 жыл бұрын
You can also use docker-compose to create more complex setups, with multiple networks
@rogo7330
3 жыл бұрын
P2P but you are in container. Skynet: nice
nc host.docker.internal 1024 (instead of finding the IP address of host), or just use the host network when creating the container
these videos are amazing, keep up the great work.
Awesome Work Man! Good content
holy crap. nice animation.. very descriptive.. do this more often..
Hi, I have a problem using ctfdocker ---- when using "gdb.attach(io)" with pwntools, how Launch a new terminal in docker container?
Hey, a video around pwntools would be awesome!
Docker is just amazing, Kubernetees is the next step
@SuperSand2000
4 жыл бұрын
What about Consul?
@ko-Daegu
4 жыл бұрын
Mattia Righetti I thought we should use both since ya know they serve different purposes Put whatever kubernetes vs docker : kzread.info/dash/bejne/ZKqBp7NuqtaXm9I.html
@ArquimedesOfficial
4 жыл бұрын
@@SuperSand2000 what fuck is consul? marca de geladeira? kkkkk
I'm used to use Netcup for servers because a) it's a german service so the data is stored in germany and b) from what I had seen it seemed far less expansive even considering the free bonus I get as a student or by such promotions.
Welcome back pro
I have a container setup with the Kali Linux Desktop Environment running and I use Reminna to access it; But it slows my machine done as much as a VM does.
When using VSCode there is that awesome plugin that runs your current workspace on docker, so the set up is much easier and the development is much cleaner.
@LiveOverflow
4 жыл бұрын
cool, I should check that out. whats the name?
@piotrmielnik1404
4 жыл бұрын
@@LiveOverflow it's called "Remote Container"
how to doing like gdb.attach on docker ?
Ehh Welcome Back! MIssed you, dude!
if u want your last container to execute an arbitrary command, you can prefix the command with docker exec -it $(docker ps -lq) maybe someone reads this and finds it useful (in an automated setup ofcourse)
The digital ocean refferral link didnt work for me :((
Looking forward to the next video. (Also Holy shit, I have the green icon now)
@justonefra
4 жыл бұрын
Yeah, the time flies I realized that too some days ago
Any good ctf list to download I need many of them
Can I use docker for doing CTFs? Many recommend using a VM to participate in CTFs for security purposes. But are docker containers more secure than a VM sandbox?
Love docker, especially when I'm working on a M1 Mac book and need to install tools developed for linux...
*he bacc*
I was wondering what docker was!
Keep doing what you are doing! Greets from Germany :-)
@olpqay
4 жыл бұрын
aus Deutschland nach Deutschland? 😉
@chickenicecream1942
4 жыл бұрын
@@olpqay does it mean From Germany to Germany or something? I can totally use google translate, but Im making a guess
@olpqay
4 жыл бұрын
chickenicecream1942 exactly 😉
nice content, @liveoverflow I have been following for a while an I have been wanting to start playing RE/ ctf's and I suck at it, I have been looking for a strong basics where I can start and get a hold of the sub, please refer a source since you are good at it I was hoping you would know a better place to begin for a noon.
finally a new video
If you want to run something on the host machine ip from a container you don't need to look for the ip you can just use host.docker.internal :)
L33t is back :)
That's cool
So, basically Docker is like a solution to "works on my machine ¯\_(ツ)_/¯" syndrome. 😛
Great video, for me Docker already starts to feel a old tech , because I am already working with Docker for 2 years but it is so rare to see videos for new guys talking about docker. But side note, in the first time you talk about the docker build command was to create a container that it is incorrect, but I think that was just a little mistake
thx for the vid
Miss your videos
This intro to docker has made the most sense out of every other explanation I have been given, but I still don't get what the difference between this and a VM is.
@ForTheReallys
4 жыл бұрын
The main difference is that with a VM a separate kernel is used for the guest. With containers, the host and guest share a kernel.
@SchoolforHackers
4 жыл бұрын
A VM contains a whole OS (yes, including a kernel), and is a resource hog. A container holds just the files necessary to operate it (like database binaries, for instance ), uses the host kernel, and is much, much lighter and faster.
Hey, ist da ein weg um mit dir zu kommunizieren? habe heute möglicherweise einen iteresanten bug gefunden in einem Parkautomaten. Muss aber mal wieder zurück und austesten ob das wirklich so jedesmal funktioniert. Wenn ja, dann gibt es einen weg um ohne zu bezahlen aus dem parkhaus raus zufahren;)
Is it possible to expose ports for one container to be used by other containers, without exposing it to the host system?
@TimLF
4 жыл бұрын
No.
@asparagii2953
4 жыл бұрын
Yes, you have to use a feature called "bridge network". You create a network (with 'docker network create ') and then when you run a container you add the option '-network '. All the ports will be exposed by default from from inside the network, and you can use the name of the container as IP address alias :)
@SchoolforHackers
4 жыл бұрын
Very much yes. In fact that’s the point.
Minor correction: Docker on Windows can run without Linux, but usually doesn't
Nice x)
Could you please tell in future video the differences between Packer, Vagrant and Docker? Awesome video! :P
@LiveOverflow
4 жыл бұрын
No clue what packer is. But vagrant simply manages virtual machines. What docker really is I will explain next video
@_azer0s
4 жыл бұрын
Packer is a tool from HashiCorp that builds machine images. So unlike Docker, it's not container technology. Vagrant is basically (really oversimplified here) a CLI tool for managing VMs. Packer allows you to "pack" all your programs and whatever you might need, bundles that up and spits out an AMI or VMDK/VMX or OVF file. Basically a dockerfile for VMs.
@TimLF
4 жыл бұрын
@@LiveOverflow I never got around to finding out why docker stopped using LXC/LXD/LXCFS...
Didn't undertsnad half of the video. But the video is still good, ty
Damn. Awesome. Time to spend the day trawling through docker docs and learning. This is wouldnt work for anything with a gui right? Like a crackme with a window pop up for a password would just have to run on your main host wouldnt it?
@adibytes2
4 жыл бұрын
Willy you can. you can run an X server in the Docker container and ssh with X forwarding on your host.
@teddyfrozevelt
4 жыл бұрын
It's possible to forward X applications out of the container into your own X session. This requires that you're on Linux, are using X and not Wayland (maybe there's a way to use XWayland, but I don't know how), and set it up in your Dockerfile. somatorio.org/en/post/running-gui-apps-with-docker/
`docker-compose` is its own package and ‘docker compose` is just docker with the compose plugin, which comes by default. You shouldn’t need the docker-compose package if all you’re doing is basic compose launching.
💥💥💥
Have you heared about hetzner.de? It is basically like digital ocean but cheaper. They have server farms in Germany and Finland.
@juliavanderkris5156
4 жыл бұрын
My go-to VPS host is scaleway, very similar to digitalocean in usage (also pretty flexible) but much cheaper. And they have some pretty nice AMD epyc machines.
@3nt3_
4 жыл бұрын
@@juliavanderkris5156 Hetzner also has a huge selection of dedicated server models btw. (Also Epyc)
Finallyyyyyyyy
I guess using WSL is perfectly fine if not better in this particular use case? A Windows user's point of view
Dockers are truly a gift for CTFs. I love them so much. And the best thing is that Docker Engine was written in Go!
This is more than docker documentation
dumb question, what is CTF??
@SchoolforHackers
4 жыл бұрын
MilMike - capture the flag, hacking contests where you try to find a special file on the target.
what is ctfs?
@SchoolforHackers
4 жыл бұрын
Ruchit Micro - Capture The Flag - a contest of breaking into a target and finding special files.
Can you update this man
What's CTF?
@RandomNullpointer
4 жыл бұрын
I searched the web and found this: CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data.
wow this looks so complicated, Makes me hate hacking 😕
Gasp running docker as super user
@LiveOverflow
4 жыл бұрын
Why are you surprised?
apt-get install docker.io docker-compose -y
Not (necessarily) true: "Docker on Windows runs a hidden Linux VM" The Windows kernel actually supports something quite similar to the Linux namespaces thingy, called "Containers". When using Docker in Container mode on Windows, no VM is necessary or used. In fact this feature even enables Windows to be able to run both Linux Containers AND Windows containers (yes, you can download and run a Windows 10 container) side-by-side simultaneously.
@Virus3652
4 жыл бұрын
Was looking for that comment
@filipstamcar6553
4 жыл бұрын
Yes, Docker has two types for Windows. One is newer Docker for Windows which uses this Windows functionality for containers (but AFAIK requires Windows 10 Pro) and the other is Docker Toolbox which uses VirtualBox to run boot2docker Linux VM.
@FredrikHistherRasch
4 жыл бұрын
@@filipstamcar6553 yes, although Docker will use Hyper-V instead of VirtualBox by default if it wants to use a VM
9:58 WHY PYTHON 2??
Perhaps first?
Don't use `sudo` to run docker commands! add your user to the `docker` group instead, no more nagging for passwords for using docker!
@LiveOverflow
4 жыл бұрын
I prefer sudo
@webcaptcha
4 жыл бұрын
it's not secure, read docs
Please don't run your docker commands as root. That can break some docker images. It is way better to add your user to the docker group, which will give you (for docker) pretty much the same abilities. There is also a really nice utility called ctop(github/bcicen/ctop) which is pretty much htop for docker. Also, look into docker registries (for example hosted on GitLab) to save your Docker images so you don't have to recompile them every time. Also using networks or the deprecated link flag can save you the trouble of exposing hosts to the outside world, and can make it a lot more comprehensible to see which container is connecting to which.
@LiveOverflow
4 жыл бұрын
Mh why? I have never had any issues. Ran it as root all the time when using some server. Also access to docker gives you basically root permissions. So I find it a bit weird to not explicitly use sudo and add the group.
@real1cytv
4 жыл бұрын
@@LiveOverflow I had problems with mounted files, and yes its fixable with chown and chmod, but I think its an unnecessary risk right? If the container does get exploited?
@AlbertMikaelyan
4 жыл бұрын
Docker containers are run by a separate process and have their own users inside. The user id may collide, and it can cause trouble, but it can access only the directories you have mounted to it - which is the main issue. Look at docker docs, they even say that giving your user docker privileges, is the same as actually giving your user root priveleges - so it is much less safe, than simply running your docker commands with sudo infront.
Hi
@SuperMarkusparkus
4 жыл бұрын
hihi
CT-Who?
Docker Docs are actually too much to lean food someone not too familiar with it. It can be frustrating and a waste of time. I’d recommend some videos from KZread to help you with it
All IT work should be security work.
@sobertillnoon
4 жыл бұрын
@@homelessrobot you know what? You're right. Keep IT Interesting.
hi first
@shootingshooter2829
4 жыл бұрын
i know its childish
@simonkoeck
4 жыл бұрын
@@shootingshooter2829 yeah it is
13th
It should work on windows. Well yes but actually no.
I think docker is silly. Why would you download and set up a whole thing that's basically a chroot, just to run some tool? If you don't trust that software then yes, fine. But other than sandboxing, I don't think it's useful for tooling. Maybe I'm thinking about this wrong, but why would i have a container for hashcat and another container for jtr and another container for nmap and another for wfuzz, and so forth. It makes no sense and all you accomplish is wasting your hard drive space on redundant data. And don't tell me that's not how it works, because you literally install stuff with `docker pull`, creating one container image for the one tool you pulled. If you just want a linux environment, feel free to use linux. If you're running on windows you get WSL2. If you are running on mac, get a computer that works and where you don't have to pay for every little thing.
@LiveOverflow
2 жыл бұрын
Each app has dependencies that need to be installed. It’s nice to not litter your host system with all these dependencies. Containers are not necessarily used for security. And more about isolation of dependencies and making apps trivial to deploy.
I have actually seen way better docker videos...kind of disappointed.