Daily Shaarli
January 19, 2023
Docker can be an easy and efficient way to run web applications, but you may want to run multiple applications on the same Docker host. In this situation, yo…
Start a container detached and with automatic restart:
e.g.: to start guacamole on ARM: docker run -d --restart unless-stopped -p 8080:8080 -v /home/user/guacamole:/config oznu/guacamole:armhf
Deploy Portainer:
docker volume create portainer_data
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Note that bind-mounting /var/run/docker.sock gives the Portainer container full control of the Docker daemon (equivalent to root on the host), so protect its admin login accordingly and do not expose ports 8000/9443 beyond the network that needs them.
What is SQL Injection?
A web application that uses SQL becomes vulnerable to SQL Injection at the point where user-provided data is included in the SQL query.
What does it look like?
Take the following scenario where you've come across an online blog, and each blog entry has a unique id number. The blog entries may be either set to public or private depending on whether they're ready for public release. The URL for each blog entry may look something like this:
From the URL above, you can see that the blog entry being selected comes from the id parameter in the query string. The web application needs to retrieve the article from the database and may use an SQL statement that looks something like the following:
SELECT * from blog where id=1 and private=0 LIMIT 1;
From what you've learned in the previous task, you should be able to work out that the SQL statement above is looking in the blog table for an article with the id number of 1 and the private column set to 0, which means it's able to be viewed by the public and limits the results to only one match.
As mentioned at the start of this task, SQL Injection arises when user input is placed into the database query. In this instance, the id parameter from the query string is used directly in the SQL query.
Let's pretend article id 2 is still locked as private, so it cannot be viewed on the website. We could now instead call the URL:
https://website.thm/blog?id=2;--
Which would then, in turn, produce the SQL statement:
SELECT * from blog where id=2;-- and private=0 LIMIT 1;
The semicolon terminates the SQL statement, and the two dashes cause everything after them to be treated as a comment. The query that actually runs is therefore only:
SELECT * from blog where id=2;--
Which will return the article with an id of 2 whether it is set to public or not.
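The two queries above, as an added worked example that is not part of the original room: a Python/sqlite3 model of the vulnerable lookup beside a parameterised version. The table name, columns and the id=2;-- payload follow the room's text; the sample rows, function names and the in-memory database are constructed for this example.

```python
import sqlite3

# Constructed sample data for this example: article 1 is public (private=0),
# article 2 is still a private draft (private=1).
SAMPLE_POSTS = [
    (1, "First post", 0),
    (2, "Unreleased draft", 1),
]


def make_db():
    """Build an in-memory blog table shaped like the one in the room's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blog (id INTEGER, title TEXT, private INTEGER)")
    conn.executemany("INSERT INTO blog VALUES (?, ?, ?)", SAMPLE_POSTS)
    conn.commit()
    return conn


def fetch_vulnerable(conn, id_param):
    """Vulnerable lookup: the raw query-string value is pasted into the SQL text.

    id_param="2;--" produces
        SELECT * from blog where id=2;-- and private=0 LIMIT 1;
    The ';' ends the statement and '--' comments out the private=0 check,
    so the private article is returned.
    """
    sql = f"SELECT * from blog where id={id_param} and private=0 LIMIT 1;"
    return conn.execute(sql).fetchone()


def fetch_safe(conn, id_param):
    """Hardened lookup: the value is bound as a parameter, never spliced into the SQL.

    The driver keeps the query text and the value separate, so "2;--" is
    compared as a plain string against the integer id column and matches
    nothing; the private=0 condition can no longer be commented out.
    """
    sql = "SELECT * from blog where id=? and private=0 LIMIT 1;"
    return conn.execute(sql, (id_param,)).fetchone()


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "2", "2;--"):
        print(f"id={value!r:8} vulnerable -> {fetch_vulnerable(db, value)}")
        print(f"id={value!r:8} safe       -> {fetch_safe(db, value)}")
```

Binding the parameter is what closes the hole; in a real handler you would additionally reject anything that is not an integer before the query is built, which also gives the caller a clean error instead of a silent empty result.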
$ sudo su
umount /tmp/.X11-unix
rm -r /tmp/.X11-unix
... after that, kex can be started from the same session
$ kex --win
... more info at https://www.kali.org/docs/wsl/win-kex/
Configuration paths (the Proxmox cluster filesystem is mounted at /etc/pve):
- Linux containers: /etc/pve/lxc/*.conf
- VMs: /etc/pve/qemu-server/*.conf
Consolidate storage after a default install (merge local-lvm into the root volume):
- delete the local-lvm storage from the GUI
- lvremove /dev/pve/data
- lvresize -l +100%FREE /dev/pve/root
- resize2fs /dev/mapper/pve-root
- from the GUI, add the CT Images, VM Images, ... content types to the local storage
Rename an LXC container:
- pct set <VMID> --hostname <newname>
By completing this room, you have learned how ARP, ICMP, TCP, and UDP can be used to detect live hosts. Any response from a host is an indication that it is online. Below is a quick summary of the Nmap command-line options covered.
Scan Type                 Example Command
- ARP Scan                sudo nmap -PR -sn MACHINE_IP/24
- ICMP Echo Scan          sudo nmap -PE -sn MACHINE_IP/24
- ICMP Timestamp Scan     sudo nmap -PP -sn MACHINE_IP/24
- ICMP Address Mask Scan  sudo nmap -PM -sn MACHINE_IP/24
- TCP SYN Ping Scan       sudo nmap -PS22,80,443 -sn MACHINE_IP/30
- TCP ACK Ping Scan       sudo nmap -PA22,80,443 -sn MACHINE_IP/30
- UDP Ping Scan           sudo nmap -PU53,161,162 -sn MACHINE_IP/30
Remember to add -sn if you are only interested in host discovery without port-scanning. Omitting -sn will let Nmap default to port-scanning the live hosts.
Option  Purpose
- -n    no DNS lookup
- -R    reverse-DNS lookup for all hosts
- -sn   host discovery only