Running applications with known security vulnerabilities exposes your system to attackers. The result can be downtime, data loss, or disclosure of sensitive information, with an impact on a company that may be irreversible.
In this scenario you'll see how easy it is for attackers to break into an application using nothing more than curl commands. The scenario uses an older version of Elasticsearch that was vulnerable to remote code execution through its Groovy scripting engine, described in CVE-2015-1427 (fixed in Elasticsearch 1.3.8 and 1.4.3).
Given how easy it is for attackers to identify and exploit vulnerable applications, it's increasingly important to ensure that you have the correct container security in place.
In this scenario we demonstrated how easy it can be for attackers to break into an application running inside a container. By default Docker's security protects the host system and keeps the container from exposing host information such as .ssh keys or passwords.
However, the scenario also shows that you still need to be aware of which version of software you're running and the vulnerabilities it may contain. Docker gives you a greater level of protection than running the same process directly on the host, but a strong security practice still needs to be in place alongside it.
In future scenarios we cover additional Docker security features to reduce the attack surface area.
Hack ElasticSearch container
Step 1 - Start Container
To start, we'll launch a container running Elasticsearch 1.4.2, which we'll later exploit.
Launch the container
docker run -d -p 9200:9200 --name es benhall/elasticsearch:1.4.2
By default Docker drops certain Linux capabilities and blocks syscalls to provide a baseline level of security. As a result, an attacker who compromises the process stays isolated inside the container, and the host is protected from many of the attack angles they might otherwise use.
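Before exploiting anything, it is worth confirming what the container actually answers with on port 9200 and comparing that against the versions the CVE-2015-1427 advisory lists as affected (1.3.0 to 1.3.7 and 1.4.0 to 1.4.2). The script below is an added example, not part of the original scenario: it waits for the container started above to come up, reads `version.number` from the JSON that Elasticsearch returns for `GET /`, and reports whether that version falls in an affected range. The `SAMPLE_ROOT_RESPONSE` JSON is constructed for offline testing (its build fields are placeholders); the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: check the Elasticsearch version a node reports against the
# version ranges CVE-2015-1427 affects. Not part of the original scenario.
set -eu

# Constructed sample of what GET / on an Elasticsearch 1.4.2 node returns
# (build_hash/build_timestamp are placeholders, not real values).
SAMPLE_ROOT_RESPONSE='{
  "status" : 200,
  "name" : "Demo Node",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.4.2",
    "build_hash" : "0000000000000000000000000000000000000000",
    "build_timestamp" : "2014-12-16T00:00:00Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.2"
  },
  "tagline" : "You Know, for Search"
}'

# Pull "version.number" out of the root JSON response. Whitespace is stripped
# first so the pretty-printed 1.x output becomes one line; only grep/sed/tr are
# used so this works on a minimal image without jq.
es_version_from_json() {
    printf '%s' "$1" | tr -d '[:space:]' | sed -n 's/.*"number":"\([^"]*\)".*/\1/p'
}

# Return 0 (true) when the version is in a range the advisory lists as
# affected: 1.3.0-1.3.7 and 1.4.0-1.4.2 (fixed in 1.3.8 and 1.4.3).
es_vulnerable_to_cve_2015_1427() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    patch=${patch:-0}
    [ "$major" -eq 1 ] || return 1
    case "$minor" in
        3) [ "$patch" -le 7 ] ;;
        4) [ "$patch" -le 2 ] ;;
        *) return 1 ;;
    esac
}

# Wait (up to ~30s) for the container published on localhost:9200 to answer.
wait_for_es() {
    url=${1:-http://localhost:9200}
    for _ in $(seq 1 30); do
        curl -sf --max-time 2 "$url" >/dev/null 2>&1 && return 0
        sleep 1
    done
    echo "no response from $url" >&2
    return 1
}

# Query a live node and report its version and whether it is in an affected range.
check_node() {
    url=${1:-http://localhost:9200}
    wait_for_es "$url" || return 2
    json=$(curl -s --max-time 5 "$url")
    ver=$(es_version_from_json "$json")
    if es_vulnerable_to_cve_2015_1427 "$ver"; then
        echo "$url runs Elasticsearch $ver: in a range affected by CVE-2015-1427"
    else
        echo "$url runs Elasticsearch $ver: not in an affected range"
    fi
}

# Usage: ./escheck.sh http://localhost:9200
# With no argument the functions are only defined, so the file can be sourced.
if [ -n "${1:-}" ]; then
    check_node "$1"
fi
```

Run it against the container started in Step 1 with `./escheck.sh http://localhost:9200`; for the scenario's image it reports 1.4.2 as affected. The version string is only what the node claims, so treat a "not affected" result as a hint, not proof, if you did not build the image yourself.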