/private-docker-registry-fetcher

A tool for interacting with the private Docker registry in a certain HTB box. It uses the registry's auth token system and the Docker v2 API.

Primary language: Python. License: MIT.

It obtains the name of a repo that the registry is hosting, then finds all tags for that repo, and checks the manifest of the tag it finds. Finally, it downloads all blobs listed in that manifest.

A lot of this repo is specific to that one HTB box, so use with care.
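
The offline parts of that flow, as an added example that is not taken from this repo's exploit.py: parsing the Bearer challenge a token-protected v2 registry sends, building the token request, listing the blob digests in a manifest, and verifying each downloaded blob against its digest. The function names, the registry.example.test host and the sample challenge are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlencode

# Constructed sample of the 401 challenge a token-protected registry returns.
SAMPLE_CHALLENGE = ('Bearer realm="https://registry.example.test/auth",'
                    'service="Docker registry",scope="registry:catalog:*"')

def parse_bearer_challenge(header):
    """Split a WWW-Authenticate: Bearer header into its key="value" parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def token_url(challenge, scope=None):
    """Build the GET URL for the token endpoint named in the challenge."""
    query = {"service": challenge["service"],
             "scope": scope or challenge["scope"]}
    return challenge["realm"] + "?" + urlencode(query)

def blob_digests(manifest):
    """Return the unique blob digests of a schema 1 or schema 2 manifest."""
    if manifest.get("schemaVersion") == 1:
        found = [layer["blobSum"] for layer in manifest["fsLayers"]]
    else:
        found = [manifest["config"]["digest"]]
        found += [layer["digest"] for layer in manifest["layers"]]
    return list(dict.fromkeys(found))  # drop repeats, keep manifest order

def verify_blob(digest, data):
    """Check downloaded bytes against the digest the manifest named."""
    algo, _, expected = digest.partition(":")
    if algo != "sha256":
        raise ValueError("unsupported digest algorithm: %r" % algo)
    return hashlib.sha256(data).hexdigest() == expected
```

Blobs are content-addressed, so a blob that fails verify_blob is truncated or altered and should be discarded rather than extracted.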

Instructions

exploit.py [-h] IP Blob_Directory
  • IP is the address of the target. HTTPS is assumed. Port numbers are also assumed.
  • Blob_Directory is the relative path to the directory into which all the blobs are downloaded.

Acknowledgement

The overall procedure was inspired by this excellent walkthrough by 0xdf for a previous HTB box. The code for downloading all blobs was adapted from NotSoSecure's docker_fetch repo. Details on the Docker registry v2 API's token mechanism were obtained from here. Thank you all 👏