Docker Registry Pentesting

Docker Registry is a steteless, highly scalable server side application that stores and lets you distribute Docker images. A default port is 5000.

Endpoints

/v2/_catalog
/v2/<repository>/tags/list
# We can download the manifest given tag.
/v2/<repository>/manifests/<tag>

Extract Layers

If we download the manifest with the above, see the content and blobsums (sha256:abcd...) in fsLayers.

curl -so 1.tar https://example.com/blobs/sha256:abcd...
tar -xvf 1.tar

After extracting tar files, investigate files or directories to find the sensitive information.

PreviousDocker EscapeNextDirectory Traversal & Arbitrary Command Execution (CVE-2021-41091 )

Last updated