Challenge 17 ☆☆☆

Welcome to challenge Challenge 17.

Bash history

This developer has created a container and has had it running for a while. He uses it for a lot of work and is careful to not hardcode any secrets. When he needs to use secrets, he simply writes them in a Bash command when executing; therefore they disappear as soon as he writes them and remain secret. Right?

We all have little secrets hidden in our past, including Bash. Access the container and see if you can find one.

💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

As the challenge states you need to look for Bash commands that have been executed in the past; what command will give us this?

You can solve this challenge using the following steps:

  1. Print contents of any .bash_history file within a running container:

    • Start the container with docker run -it --entrypoint sh jeroenwillemsen/wrongsecrets:<version> (Replace `<version> with the version of the container you want to use)

    • cat the contents of the file: cat ~/.bash_history. Once you have this file you can use grep or any other search tool to narrow down the answer.

Why entering secrets in bash is a bad idea.

The command line can feel temporary and safe, but it is often being logged. This is a standard feature with most shells. Some do have protections in place, and most tools that request a secret will not print it. However, when writing custom commands these protections are not in place and you can easily shoot yourself in the foot.

Leaking secrets is a little hard to do with a Dockerfile when creating a container. However, if you have a container that you are using regularly, you do not delete it and you are typing in secrets in plaintext, then a malicious actor could use your seemingly innocuous docker container to escalate privileges. Potentially leading them to exploit something a lot more important than your PC.


⬅️ Previous
🏠 Main Page
Next ➡️
0