Challenge 17

Welcome to challenge 17. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Bash history

This developer has created a container and has had it running for a while. He uses it for a lot of work and is careful to not hardcode any secrets. When he needs to use secrets, he simply writes them in a Bash command when executing; therefore they disappear as soon as he writes them and remain secret. Right?

We all have little secrets hidden in our past, including Bash. Access the container and see if you can find one.

Answer to solution :

As the challenge states you need to look for Bash commands that have been executed in the past; what command will give us this?

You can solve this challenge using the following steps:

  1. Use bash within the container to access the history and find the secret:

    • Access the bash shell of the container, this can be done with docker exec -it jeroenwillemsen/wrongsecrets: bash (Replace with the version of the container you want to use).

    • Type history to list the commands that have been used within the container

  2. Print contents of any .bash_history file within a running container:

    • Start the container with docker run -it --entrypoint bash jeroenwillemsen/wrongsecrets:

    • cat the contents of the file: cat ~/.bash_history. Once you have this file you can use grep or any other search tool to narrow down the answer.

Why entering secrets in bash is a bad idea.

The command line can feel temporary and safe, but it is often being logged. This is a standard feature with most shells. Some do have protections in place, and most tools that request a secret will not print it. However, when writing custom commands these protections are not in place and you can easily shoot yourself in the foot.

Leaking secrets is a little hard to do with a Dockerfile when creating a container. However, if you have a container that you are using regularly, you do not delete it and you are typing in secrets in plaintext, then a malicious actor could use your seemingly innocuous docker container to escalate privileges. Potentially leading them to exploit something a lot more important than your PC.