Docker Registry Pentesting

Last modified: Thu Feb 08 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Container

Docker Registry is a stateless, highly scalable server-side application that stores and lets you distribute Docker images. The default port is 5000.

Endpoints

/v2/_catalog
/v2/<repository>/tags/list
# Download the manifest for a given tag.
/v2/<repository>/manifests/<tag>

Extract Layers

Download the manifest using the endpoint above, then check its content for the blobSum values (sha256:abcd...) listed in fsLayers.

curl -so 1.tar https://example.com:5000/v2/<repository>/blobs/sha256:abcd...
tar -xvf 1.tar

After extracting the tar files, investigate the files or directories to find sensitive information.
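
The manifest and layer review described above can also be done without unpacking anything to disk, which is useful when auditing images in a registry you are responsible for. The following is an added example, not part of the original page: it reads the layer digests from a manifest (fsLayers/blobSum as above, and, going beyond the page, the layers/digest form used by schema 2 manifests) and lists layer entries whose names look sensitive. The sample manifest, the sample layer, the SENSITIVE_NAMES list and all function names are assumptions made for illustration.

```python
import io
import json
import tarfile

# Constructed schema 1 manifest; the digests are placeholders, not real blobs.
SAMPLE_MANIFEST = json.dumps({"schemaVersion": 1, "fsLayers": [
    {"blobSum": "sha256:" + "a" * 64},
    {"blobSum": "sha256:" + "b" * 64},
    {"blobSum": "sha256:" + "a" * 64},  # a layer can be listed twice
]})
# Assumed file names worth a manual look; tune the list for your images.
SENSITIVE_NAMES = {".env", "id_rsa", ".git-credentials", ".npmrc"}


def layer_digests(manifest_text):
    """Return unique layer digests in manifest order."""
    manifest = json.loads(manifest_text)
    if "fsLayers" in manifest:  # schema 1: fsLayers[].blobSum
        digests = [layer["blobSum"] for layer in manifest["fsLayers"]]
    else:  # schema 2 / OCI: layers[].digest
        digests = [layer["digest"] for layer in manifest.get("layers", [])]
    return list(dict.fromkeys(digests))


def flag_layer_entries(layer_bytes):
    """List regular files in a layer whose basename looks sensitive."""
    # Names are read in memory and nothing is extracted, so crafted paths
    # (for example ../../x) in an untrusted layer are never written to disk.
    with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as tar:
        return [m.name for m in tar
                if m.isfile() and m.name.rsplit("/", 1)[-1] in SENSITIVE_NAMES]


def build_sample_layer():
    """Build a constructed gzip-compressed layer in memory."""
    files = {"app/main.py": b"print('hi')\n",
             "app/.env": b"DB_PASSWORD=constructed-value\n",
             "root/.ssh/id_rsa": b"constructed placeholder\n"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(layer_digests(SAMPLE_MANIFEST))
    print(flag_layer_entries(build_sample_layer()))
```

Any hit is a reason to rotate the exposed credential and rebuild the image so the file never enters a layer; deleting it in a later layer leaves it in the earlier blob.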