Docker Project - jude-lindale/Wiki GitHub Wiki

Introduction:

Our project is about creating a fake password checker page that steals the user’s input and saves it into a rainbow table. This type of scam has been seen multiple times before on famous websites. Threat actors use it to build their custom password lists, which can help them during their malicious activities.

Deploying Docker Containers:

We automated the process of deploying the Docker containers, but you still have to make small modifications to the script for it to work. Go to the following link and download all the files in it. Upload them to your personal GitHub account. Go through all the files and change every place that has “mohammed” in it to your name (note: if you are re-uploading them to your GitHub, you will have to change the URLs in script.sh; check Figure 1-1 for more details).

Figure 1-1: script.sh content

Then download script.sh to the docker01 machine (as noted before, you might need to change the URL to make it work).

Figure 1-2 and Figure 1-3 show what the results should look like.

Figure 1-2: Running script.sh

Figure 1-3: End of running script.sh

Now you should be able to visit http://docker01-:8000/ to view the web site:

Figure 1-4: Passw0rd Checker

If you browse to http://docker01-:8080 you will see the database running:

Figure 1-5: Database

Configuring the New Database:

In the database web interface, click on “New” and create a new database called “web”, as shown in Figure 1-6.

Figure 1-6: Creating a new database

In the next window, create a new table: set the name to “passwords_table” and the number of columns to “1”, then click on “Go”, as seen in Figure 1-7.

Figure 1-7: Creating a new table

You will now create a new column called “password” with a data type of “TEXT” as seen in Figure 1-8.

Figure 1-8: Creating a password column

Just to make sure that the database is working properly, we can do a small test by going to “Insert” and entering a new value in the “Value” section. More details can be found in Figure 1-9.

Figure 1-9: Saving a new value in the database

So now if you go back to “Browse” you should see the new value under the “password” column, as seen in Figure 1-10.

Figure 1-10: Checking our new value.

Go back to the fake password checker page and enter a random value. If you refresh the database, you should see a binary string just like the one in Figure 1-11.

Figure 1-11: Passwords saved in the Database

Copy the string from the database and go to CyberChef. Paste the string into the Input section, and in the Recipe add “From Binary” to convert the binary to a decimal form. More details can be found in Figure 1-12.

Figure 1-12: Converting from Binary

Resources:
