Nairobi GNU/Linux Users Group

A lively community of GNU/Linux enthusiasts

Building a Pentest Lab With Docker


What is Docker?

Docker Logo Docker is a container platform that is similar to a Hypervisor like Virtualbox. Docker uses less storage and RAM and are portable.

Docker can run on: - Linux - Windows - Mac OS

In this article I will go over how to set up a penetration testing lab entirely in docker

It will consist of two types of containers.

  • Attacker Machine
  • Target Machine

Installation on Linux

The Convenience Script

Update: You can install Docker quickly and non interactively when you use the convenience scripts provided by Docker at get.docker.com

Installation is then done by :

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Debian based distros

Anything that uses apt to install software is Debian based. Find a complete list here

To install on Ubuntu :

$ sudo apt install docker.io

Docker on Windows

To run docker in windows, install Docker desktop.

Windows 10 Logo

Docker Desktop is an awesome app with a graphical interface. It can run Linux containers from windows. However, there's one major deal-breaker.

Docker Desktop cannot co-exist with VirtualBox or VMware, because it requires Hyper-V to run Linux containers😤1.

Hyper-V is Microsoft's hardware virtualization product

As a workaround. * Use Docker Toolbox 👨‍💻 * Learn Hyper-V 📚 * Install Linux 🤷‍♀️

This is also the same reason WSL cannot co-exist with VMware/Virtualbox.

Now I'm starting to see why people hate Microsoft. They lock users to their ecosystem.


Hello World

After you have installed docker, run this command as a test

$ sudo docker run hello-world

If it completes successfully, you can follow along

Server status

The Network

The network will be called vulnerable. It will have a 10.0.0/24 subnet

Create it with this command

$ sudo docker network create vulnerable --attachable --subnet 10.0.0.0/24

Attacker Container

For this, I will use Parrot OS. It's docker images are better Kali Linux Images.

Cyber photo

First download the Parrot OS Docker image. This command will take a while depending on your internet connection.

$ docker pull parrotsec/security:latest

Create and run the container .

sudo docker run \
    --name parrot \
    -it \
    --hostname parrot \
    --network vulnerable \
    --ip="10.0.0.2" \
    --env DISPLAY=$DISPLAY \
    -v /dev/shm:/dev/shm \
    --device /dev/snd \
    --device /dev/dri \
    --mount type=bind,src=/tmp/.X11-unix,dst=/tmp/.X11-unix \
    parrotsec/security:latest \
    /bin/bash 

All tools available in Parrot OS are now an apt-get away.

Use this command to restart the parrot OS container after a reboot.

$ sudo docker start -a parrot

Target container:Metasploitable2

Target

This is a very vulnerable test machine. It is what I recommend for anyone starting out.

Open another terminal and pull the metasploitable image. The image is around 500MB.

$ docker pull tleemcjr/metasploitable2

To run a metasploitable container:

docker run \
    -it \
    --network vulnerable \
    --ip="10.0.0.3" \
    --name metasploitable \
    --hostname metasploitable2 \
    tleemcjr/metasploitable2 \
    bash

You should see a terminal prompt like this

Start the vulnerable services

[email protected]:/# services.sh

You can now access metasploitable from 10.0.0.3

If you want to stop the container, close the terminal with CTRL + D

Run this command to start metasploitable again

$ sudo docker start -a parrot

Then start the vulnerable services.

[email protected]:/# services.sh

Guides & Tutorials

There are tons of free guides out there on metasploitable.

Image of person Studying

  1. The Easiest Metasploit Guide You’ll Ever Read
  2. Metasploit Unleashed
  3. Metasploitable 2 Exploitability Guide
  4. Youtube Tutorials

If you don't know what guide to use, I recommend this one.

More vulnerable containers 🧑‍💻

More Cyber

You can extend the lab with any of these containers depending on your learning goal.

OWASP Juiceshop

This container focusses on web application security.

Juiceshop Logo

To create and start the juiceshop container for the first time

docker run -d \
    --name juiceshop \
    --network vulnerable \
    --ip="10.0.0.6" \
    bkimminich/juice-shop

Check if it is running

$ docker ps 

Access the web interface from this URL

http://10.0.0.6:3000/

Stop the container when you're done

docker stop juiceshop

Start the container again

docker start juiceshop
Juiceshop Guides

OWASP Webgoat 🐐

Webgoat is a ctf-style vulnerable container focused on web application security.

goat-svg

Create and run the container for the first time

docker run  -d \
    --name webgoat \
    --network vulnerable \
    --ip="10.0.0.4" \
    -e TZ=$(cat /etc/timezone) \
    webgoat/goatandwolf

Access Webgoat and Webwolf from these URLs

10.0.0.4:8080/WebGoat

10.0.0.4:9090/WebWolf

To stop the container

docker stop webgoat

To Start the container again.

docker start webgoat

If you can't access the url, check if it is running.

$ docker ps -a

Why I use docker for a pentest lab

Two Operating systems make my computer painfully slow. Containers aren't resource-intensive and perform well. This fits my use case.

Lab.svg

If you have RAM to spare then it's really not that much of a difference.

When not to use Docker

If you want to run Windows containers from a linux host, you are out of luck. You can run linux containers on Windows though

Common Docker Commands

Stop a container:

$ sudo docker stop containerName

Start a container

$ sudo docker start containerName 

List running and stopped containers

$ sudo docker ps -a

Spawn a bash shell in a running container

$ sudo docker exec -it containerName bash

Docker has tab completion for each of these commands.

Graphical apps inside docker

Sometimes you may want to run a GUI tool like firefox or burpsuite.

The Parrot OS commands above are already set for running graphical apps. You only need to install these packages

$ apt install hicolor-icon-theme \
    libcanberra-gtk* libgl1-mesa-dri \
    libgl1-mesa-glx libpangox-1.0-0 \
    libpulse0 libv4l-0 fonts-symbola \ 

You can run a few commands to avoid some errors encountered when running GUI apps

Burpsuite

Burp Suite is a web app pentesting tool for monitoring http requests and responses.

Burpsuite Logo

To install and run burpsuite inside the parrot os container.

# sudo apt update
# sudo apt install burpsuite
# java -jar -Xmx2G /usr/bin/burpsuite

You can then point your browser to use 10.0.0.2:8080 as the proxy and burp will intercept everything

Firefox

Firefox, is a free and open-source web browser.

Firefox Logo

To install and run firefox:

$ apt install firefox ca-certificates 

Credits

Stories by freepik

This was originaly posted on my blog at ianmuchina.com

Further reading/research

Jess Frazelle has written an awesome blog post with details on running graphical apps inside Docker containers. She's also given this awesome Talk/Demo on running various applications and retro games inside docker containers.

Footnotes


  1. Docker requires a Linux kernel to run Linux containers on Windows. Docker accomplishes this by running a Linux Virtual Machine inside Hyper-V. This is still more resource-efficient than full VM's. Plus there's the added benefit of running both Windows and Linux containers. This is not possible on Linux