Informazioni di base

DigitalOcean Container Registry è un servizio fornito da DigitalOcean che consente di archiviare e gestire immagini Docker. Si tratta di un registro privato, il che significa che le immagini che archivi in esso sono accessibili solo a te e agli utenti ai quali concedi l'accesso. Ciò ti consente di archiviare e gestire in modo sicuro le tue immagini Docker e di utilizzarle per distribuire contenitori su DigitalOcean o su qualsiasi altro ambiente che supporti Docker.

Durante la creazione di un Registro dei contenitori è possibile creare un segreto con accesso di lettura (pull images) su tutti i namespace dei cluster Kubernetes.

Connessione

# Using doctl
doctl registry login

# Using docker (You need an API token, use it as username and as password)
docker login registry.digitalocean.com
Username: <paste-api-token>
Password: <paste-api-token>

Enumerazione

Docker Registry

The Docker Registry is a service provided by DigitalOcean that allows users to store and distribute Docker images. When performing a penetration test on a DigitalOcean container registry, there are several enumeration techniques that can be used to gather information about the registry and its contents.

DNS Enumeration

DNS enumeration can be used to discover subdomains associated with the container registry. This can be done using tools such as dnsrecon or dnsenum. By querying the DNS records, it is possible to identify additional endpoints that may be used by the registry.

Port Scanning

Port scanning can help identify open ports and services running on the container registry. Tools like nmap can be used to scan for open ports and determine the services running on those ports. This can provide valuable information about the registry's infrastructure.

Web Enumeration

Web enumeration involves scanning the web application associated with the container registry. This can be done using tools like dirb or gobuster to discover hidden directories and files. By enumerating the web application, it is possible to find additional endpoints and gather information about the registry.

API Enumeration

If the container registry has an API, it can be enumerated to gather information about the registry and its contents. Tools like curl or Postman can be used to send requests to the API endpoints and retrieve information about the registry, such as the available images and their tags.

User Enumeration

User enumeration involves identifying valid usernames associated with the container registry. This can be done by attempting to register new users or by brute-forcing the login page. By identifying valid usernames, an attacker can gain further insight into the registry and potentially exploit any misconfigurations or vulnerabilities.

Metadata Enumeration

Metadata enumeration involves gathering information about the container registry's metadata. This can include information such as the registry's version, configuration settings, and other metadata associated with the registry. Tools like docker or registry-cli can be used to retrieve this information.

By using these enumeration techniques, a penetration tester can gather valuable information about the DigitalOcean container registry and its contents. This information can then be used to identify potential vulnerabilities and plan further attacks.

# Get creds to access the registry from the API
doctl registry docker-config

# List
doctl registry repository list-v2