I run Python code inside a Docker container and execute the following calls:
import socket as s,subprocess as sp;s1=s.socket(s.AF_INET,s.SOCK_STREAM);
s1.setsockopt(s.SOL_SOCKET,s.SO_REUSEADDR, 1);s1.bind(("0.0.0.0",9001));s1.listen(1);c,a=s1.accept();
I'm trying to get information about the open socket using ss, but I can't get it.
docker run --rm --publish 9001:9001 -it --name python-app sample-python-app reverseshell.py
docker inspect --format='{{.State.Pid}}' python-app
1160502
> sudo ss -a -np | grep 9001
tcp LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:* users:(("docker-proxy",pid=1160459,fd=4))
tcp LISTEN 0 4096 [::]:9001 [::]:* users:(("docker-proxy",pid=1160467,fd=4))
However, lsof gives me more information.
> sudo lsof -p 1160502
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
lsof: WARNING: can't stat() fuse.portal file system /run/user/1000/doc
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
python 1160502 dmitry cwd DIR 0,1364 108 19497 /workspace
python 1160502 dmitry rtd DIR 0,1364 188 256 /
python 1160502 dmitry txt REG 0,1364 6120 6529 /layers/paketo-buildpacks_cpython/cpython/bin/python3.10
python 1160502 dmitry mem REG 0,30 6529 /layers/paketo-buildpacks_cpython/cpython/bin/python3.10 (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9492 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/_posixsubprocess.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9518 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/fcntl.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9514 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/array.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9527 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/select.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9520 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/math.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 9499 /layers/paketo-buildpacks_cpython/cpython/lib/python3.10/lib-dynload/_socket.cpython-310-x86_64-linux-gnu.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 634 /lib/x86_64-linux-gnu/libm-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 692 /lib/x86_64-linux-gnu/libutil-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 619 /lib/x86_64-linux-gnu/libdl-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 670 /lib/x86_64-linux-gnu/libpthread-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 609 /lib/x86_64-linux-gnu/libc-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 6705 /layers/paketo-buildpacks_cpython/cpython/lib/libpython3.10.so.1.0 (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 591 /lib/x86_64-linux-gnu/ld-2.27.so (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 3735 /usr/lib/locale/locale-archive (path dev=0,32, inode=1544914)
python 1160502 dmitry mem REG 0,30 1365 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache (stat: No such file or directory)
python 1160502 dmitry mem REG 0,30 1091 /usr/lib/locale/C.UTF-8/LC_CTYPE (stat: No such file or directory)
python 1160502 dmitry 0u CHR 136,0 0t0 3 /dev/pts/0
python 1160502 dmitry 1u CHR 136,0 0t0 3 /dev/pts/0
python 1160502 dmitry 2u CHR 136,0 0t0 3 /dev/pts/0
python 1160502 dmitry 3u sock 0,8 0t0 75159952 protocol: TCP
At least there is this line showing fd=3 opening socket [75159952], but there is no actual port number.
python 1160502 dmitry 3u sock 0,8 0t0 75159952 protocol: TCP
So how can I use ss to find information about the socket open on port 9001 that is not docker-proxy?
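Answer 1
Socket state is per namespace (i.e., per network namespace), so you first have to switch to the correct network namespace, for example with nsenter. This also requires privileges, so sudo has to go first, before nsenter.
In one line (and using ss's own filter feature), that gives: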
sudo nsenter -t $(docker inspect --format='{{.State.Pid}}' python-app) --net -- \
ss -a -np sport == 9001
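
The per-namespace socket table the answer refers to can also be read directly from /proc/<PID>/net/tcp, which makes it possible to resolve the socket inode that lsof printed into an address and port. The following is an added example, not code from the question or the answer; the sample table is constructed, the function names are hypothetical, and it handles IPv4 only on a little-endian host (such as the x86_64 system in the question).

```python
import socket
import struct

# Subset of TCP states from the kernel's tcp_states.h (hex code -> name).
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp format (not captured from the page's host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2329 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 75159952 1 0000000000000000 100 0 0 10 0
   1: 020011AC:2329 010011AC:D431 01 00000000:00000000 00:00000000 00000000  1000        0 75160111 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ipv4, port); assumes a little-endian host."""
    hex_addr, hex_port = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return addr, int(hex_port, 16)

def find_socket_by_inode(table_text, inode):
    """Return the IPv4 TCP entry whose inode column matches, or None."""
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[9] != str(inode):
            continue
        return {
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(cols[3], cols[3]),
        }
    return None

def lookup(pid, inode):
    """Read the table as seen from the network namespace of `pid`."""
    # /proc/<pid>/net/tcp reflects that process's namespace; may require root.
    with open(f"/proc/{pid}/net/tcp") as fh:
        return find_socket_by_inode(fh.read(), inode)

if __name__ == "__main__":
    print(find_socket_by_inode(SAMPLE, 75159952))
```

On a live host, lookup(1160502, 75159952) would perform the same match against the container process's own table, using the PID and inode shown in the question.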