Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation.

Published byPriscilla Atkins Modified over 9 years ago

Similar presentations

Presentation on theme: "CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation."— Presentation transcript:

1 CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation

2 Docker

3 Docker Architecture

4 Main Docker Components Docker – the open source container virtualization platform Docker Hub – Software-as-a-Service platform for sharing and managing Docker containers – The primary public Docker registry

5 Images and Registries Docker images – Read-only templates with OS and installed software – Used to build servers Docker registries – Stores that hold images. May be public or private. – You upload or download images from stores – Used to distribute servers

6 Images, Registries, and Containers Docker containers – Like virtual machines – Can be run, started, stopped, moved, and deleted – Used to run servers

7 UnionFS Docker uses UnionFS – Mounts an entire file system on top of another file system, in layers – Priority is defined, so it knows which file is the current one if more than one copy of a file is present Makes docker containers MUCH smaller than virtual machines – Because they don't make extra copies of files

8 64-Bit v. 32-Bit Docker is intended for 64-bit systems It can be used to a limited extent on 32-bit systems, but that is not supported

9 Docker Hub

10 Docker 32-Bit Images

11 Important Docker Commands docker pull – Downloads from Docker Hub docker images – Shows local images docker run -it bash – Creates a container based on, starts it, and shows a Bash shell

12 Important Docker Commands docker ps – Lists running containers – With "-a" switch, shows all containers docker start – Starts a container docker attach <container-name – Attaches to a running container – Shows a "sh" command-line

13 Important Docker Commands Ctrl+P, Ctrl+Q – Detaches from a running container without stopping it docker run -p 8080:80 -it bash – Creates a container, forwarding port 8080 on the host to port 80 inside the container, showing a bash shell

14 Project Walkthrough

15 iClicker Questions

16 Which item can be started and stopped like a virtual machine? A.Docker B.Docker hub C.Docker image D.Docker registry E.Docker container

17 If CCSF makes a private server full of proprietary templates, what have they created? A.Docker B.Docker hub C.Docker image D.Docker registry E.Docker container

18 What is the primary public repository Docker provides, containing many versions of Linux? A.Docker B.Docker hub C.Docker image D.Docker registry E.Docker container

19 Which docker command creates a new container? A.pull B.run C.images D.ps E.attach

20 Which docker command allows you to control a running container? A.pull B.run C.images D.ps E.attach

21 CNIT 124: Advanced Ethical Hacking Ch 8: Exploitation

22 Exploiting Default XAMPP Credentials

23 Nmap Scan

24 WebDAV Web Distributed Authoring and Versioning – An extension to HTTP – Allows developers to easily upload files to Web servers

25 XAMPP A convenient way to run a LAMP server on Windows – LAMP: Linux, Apache, MySQL, and PHP Includes WebDAV, turned on by default, with default credentials – In older versions

26 Cadaver A command-line tool to use WebDAV servers Default credentials allow file uploads

27 Website Defacement Violates Integrity, but not as powerful as Remote Code Execution

28 Upload a PHP File PHP file executes on the server! This is Remote Code Execution

29 Msfvenom Creates Malicious PHP File

30 Meterpreter Reverse Shell

31 Exploiting phpMyAdmin

32 Purpose phpMyAdmin provides a convenient GUI Allows administration of SQL databases

33 phpMyAdmin

34 Should be Protected phpMyAdmin should be limited-access – With a Basic Authentication login page, or a more secure barrier

35 SQL Query Can write text to a file This allows defacement

36 PHP Shell Can execute one line of CMD at a time

37 Staged Attack Initial attack sends a very small bit of code, such as a single line of CMD That attack connects to a server and downloads more malicious code Very commonly used by malware

38 FTP Scripts File contains text to be executed by command- line FTP client

39 Making the Script File with SQL

40 Run the FTP –s:script Command

41 Owned

42 iClicker Questions

43 Which item is a Web page that should not be visible to casual Web surfers? A.XAMPP B.phpMyAdmin C.WebDAV D.Cadaver E.msfvenom

44 Which item can create malicious PHP files? A.XAMPP B.phpMyAdmin C.WebDAV D.Cadaver E.msfvenom

45 Which item is an extension to the HTTP protocol? A.XAMPP B.phpMyAdmin C.WebDAV D.Cadaver E.msfvenom

46 Which language places commands between tags? A.SQL B.HTML C.Bash D.PHP E.FTP

47 Which technique is commonly used to load larger portions of staged attacks? A.SQL B.HTML C.Bash D.PHP E.FTP

Download ppt "CNIT 124: Advanced Ethical Hacking Docker (not in textbook) & Ch 8: Exploitation."

Similar presentations

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
What is it? –Large Web sites that support commercial use cannot be written by hand What you’re going to learn –How a Web server and a database can be used.

What is it? –Large Web sites that support commercial use cannot be written by hand What you’re going to learn –How a Web server and a database can be used.
Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.

Creating WordPress Websites. Creating a site on your computer Local server Local WordPress installation Setting Up Dreamweaver.
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
Advanced Web 2012 Lecture 2 Sean Costain 2012. How the Web Works - Refresh Sean Costain 2012 The web is a matrix of servers that handle client requests.

Advanced Web 2012 Lecture 2 Sean Costain How the Web Works - Refresh Sean Costain 2012 The web is a matrix of servers that handle client requests.
PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.

PHP Scripting Language. Introduction “PHP” is an acronym for “PHP: Hypertext Preprocessor.” It is an interpreted, server-side scripting language. Originally.
Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.

Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Dynamic Web site With PHP and MySQL. MySQL The combination of MySQL database and PHP scripting language is optimum for building dynamic websites. MySQL.

Dynamic Web site With PHP and MySQL. MySQL The combination of MySQL database and PHP scripting language is optimum for building dynamic websites. MySQL.
E-Commerce The technical side. LAMP Linux Linux Apache Apache MySQL MySQL PHP PHP All Open Source and free packages. Can be installed and run on most.

E-Commerce The technical side. LAMP Linux Linux Apache Apache MySQL MySQL PHP PHP All Open Source and free packages. Can be installed and run on most.
Project Implementation for COSC 5050 Distributed Database Applications Lab1.

Project Implementation for COSC 5050 Distributed Database Applications Lab1.
WHAT IS PHP PHP is an HTML-embedded scripting language primarily used for dynamic Web applications.

WHAT IS PHP PHP is an HTML-embedded scripting language primarily used for dynamic Web applications.
SYST 28043 Web Technologies SYST 28043 Web Technologies Installing a Web Server (XAMPP)

SYST Web Technologies SYST Web Technologies Installing a Web Server (XAMPP)
Linux Operations and Administration

Linux Operations and Administration
17 Web Servers (Apache and IIS)

17 Web Servers (Apache and IIS)
Best Practices in Moodle Administration Best Practices in Moodle Administration A variety of topics from technical to practical Jonathan Moore Vice President.

Best Practices in Moodle Administration Best Practices in Moodle Administration A variety of topics from technical to practical Jonathan Moore Vice President.
WordPress Web. WordPress Blogging system with full content management Personal publishing system Built on PHP scripting language and MySQL relational.

WordPress Web. WordPress Blogging system with full content management Personal publishing system Built on PHP scripting language and MySQL relational.
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as e-mail.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .

Similar presentations

Ads by Google