Generally, when I want to explore the file system of a Docker container, I do it interactively by executing a shell inside it, something like:

    $ docker exec -it container_name sh
    $ ls
    ...
    

But sometimes the image of the container I want to explore does not contain any tools for this purpose. No ls, no cat, not even a shell. This is especially the case when building Docker images from scratch, which is very common with multi-stage builds.

One solution is to rely on the docker export tool, which lets you "export a container's filesystem as a tar archive". By default, it writes the tar archive to STDOUT, which means it can easily be piped into the tar command-line tool to list its contents on the fly:

    $ docker export 7c1f2edd42c4 | tar -tv | tee filesystem.txt
    -rwxr-xr-x root/root         0 2022-04-04 09:46 .dockerenv
    drwxr-xr-x root/root         0 2022-03-19 15:52 bin/
    -rwxr-xr-x root/root  45687736 2022-03-19 15:52 bin/node
    ...
    
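As an added example (not code from the original post), the Python script below reads the same docker export stream with the standard tarfile module. It goes beyond the listing above by also reading a single file, as cat would, and by reporting setuid/setgid entries. The function names and the sample archive are constructed for illustration.

```python
import io
import stat
import sys
import tarfile


def list_entries(stream):
    """Return (mode, owner, size, name) per entry, like `tar -tv`."""
    rows = []
    # "r|*" reads sequentially, so it also works on a pipe (docker export | ...)
    with tarfile.open(fileobj=stream, mode="r|*") as archive:
        for m in archive:
            kind = stat.S_IFDIR if m.isdir() else stat.S_IFLNK if m.issym() else stat.S_IFREG
            owner = f"{m.uname or m.uid}/{m.gname or m.gid}"
            rows.append((stat.filemode(kind | m.mode), owner, m.size, m.name))
    return rows


def read_file(stream, path):
    """Return the bytes of one regular file (a stand-in for `cat`), or None if absent."""
    wanted = path.lstrip("/")  # docker export stores names without a leading /
    with tarfile.open(fileobj=stream, mode="r|*") as archive:
        for m in archive:
            if m.isfile() and m.name == wanted:
                return archive.extractfile(m).read()


def setuid_entries(rows):
    """Names of entries with setuid/setgid bits set, worth a closer look."""
    return [name for mode, _, _, name in rows if "s" in mode[1:].lower()]


def sample_export():
    """Constructed stand-in for `docker export` output (not from the post)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name, mode, data in [("bin/node", 0o755, b"\x7fELF"),
                                 ("bin/helper", 0o4755, b"\x7fELF"),
                                 ("etc/app.conf", 0o644, b"port=8080\n")]:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            archive.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    # piped: docker export <container> | python3 this_script.py; else use the sample
    stream = sample_export() if sys.stdin.isatty() else sys.stdin.buffer
    for row in list_entries(stream):
        print(*row)
```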

Admirer is an easy Hack The Box Linux-based machine released on the 2nd of May 2020 and reachable on the IP address 10.10.10.187.

For those who don't know it yet, Hack The Box is an online platform where vulnerable machines are deployed in a private network accessible via VPN, and where users need to hack their way into the systems to collect flags as proof of their success.

HTB Admirer information card


Traceback is an easy Linux-based machine released on the 14th of March 2020 and reachable on the IP address 10.10.10.181 (despite what's written on the info card).

HTB Traceback information card


Enjoying HackerOne's CTF?

If you want to make sure you don't inadvertently miss a single flag while skimming through web pages, you can ask ZAP to catch them for you with this regex: \^FLAG\^[\w\d]{64}\$FLAG\$

ZAP settings to capture Hacker 101 flags automatically

A "Flag" tag will appear next to the requests containing a flag in their response:

HTTP request captured with ZAP containing a Hacker 101 flag

This technique is particularly useful when a flag appears in a non-obvious location such as an HTML comment.


Scapy is an incredible tool when it comes to playing with the network. As stated on its official website, Scapy can replace a majority of network tools such as nmap, hping and tcpdump.

One of the features offered by Scapy is sniffing the network packets passing through a computer's NIC. Below is a small example:

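    from scapy.all import IP, sniff

    interface = "eth0"  # NIC to capture on

    def print_packet(packet):
        # Called once per captured packet; the "ip" filter below only passes IPv4
        ip_layer = packet.getlayer(IP)
        print("[!] New Packet: {src} -> {dst}".format(src=ip_layer.src, dst=ip_layer.dst))

    print("[*] Start sniffing...")
    # Blocks in the main thread until interrupted with CTRL+C
    sniff(iface=interface, filter="ip", prn=print_packet)
    print("[*] Stop sniffing")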
    

This little sniffer displays the source and the destination of all packets having an IP layer:

    $ sudo python3 sniff_main_thread.py
    [*] Start sniffing...
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.30 -> 10.137.2.1
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.1 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    [!] New Packet: 216.58.198.68 -> 10.137.2.30
    [!] New Packet: 10.137.2.30 -> 216.58.198.68
    ^C[*] Stop sniffing
    

It will continue to sniff network packets until it receives a keyboard interrupt (CTRL+C).
