I was looking for a well-known CMS (Content Management System) that I could easily run in a Docker container as a target for information security reconnaissance tools, such as WhatWeb.
I found an official Docker image for Joomla, a CMS that I had used previously some years ago: https://hub.docker.com/_/joomla
Using a backend MySQL database on localhost
I had some problems running it at first. I tried to set up a local MariaDB/MySQL database and have the Joomla container communicate directly with the underlying host:
docker run --name some-joomla -e JOOMLA_DB_HOST=localhost:3306 -e JOOMLA_DB_USER=joomla -e JOOMLA_DB_PASSWORD=joomP455 -d joomlaThat didn’t work. The Joomla container crashed shortly after starting. When I looked at the container logs using the following command:
docker logs some-joomlaI found the same error message repeated several times:
Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'joomla'@'localhost' (using password: YES) in /makedb.php on line 20Of course! Within the context of the container, localhost means the container itself!
I was able to get this to work by specifying --network=host. (See Use Host Networking in the Docker documentation.)
Here was the command I used (after creating a joomla database and joomla database user):
docker run --name some-joomla -e JOOMLA_DB_HOST=127.0.0.1 -e JOOMLA_DB_USER=joomla -e JOOMLA_DB_PASSWORD=joomP455 -e JOOMLA_DB_NAME=joomla --network host -d joomlaUsing a Dockerized MySQL database as the backend
That was great progress! But since this was just for a temporary demo, I found an even easier way: using a MySQL Docker container as the backend database: https://hub.docker.com/_/mysql
This is what I tried the first time:
docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=passW0rd -e MYSQL_DATABASE=joomla -e MYSQL_USER=joomla -e MYSQL_PASSWORD=joomP455 -d mysql:latestThat didn’t work, though. When I started the Joomla container using the following command:
docker run --name some-joomla --link some-mysql:mysql -p 8080:80 -d joomla:latestThe container would soon stop. I looked at the logs using docker logs some-joomla and found the same error message repeated numerous times:
Warning: mysqli::__construct(): The server requested authentication method unknown to the client [caching_sha2_password] in /makedb.php on line 20I searched for that error message, and found a GitHub issue for another project that suggested downgrading MySQL (https://github.com/laradock/laradock/issues/1390).
docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=passW0rd -e MYSQL_DATABASE=joomla -e MYSQL_USER=joomla -e MYSQL_PASSWORD=joomP455 -d mysql:5
docker run --name some-joomla --link some-mysql:mysql -p 8080:80 -d joomla:latestIt worked! I was able to access the Joomla setup on http://localhost:8080
However, I ran into an error on step 2 of the web-based Joomla setup (configuring the database):
Error
Could not connect to the database. Connector returned number: Could not connect to MySQL server.I turns out, I had specified localhost as the database host, as suggested. This is, of course, the same problem I had before: localhost, on the container, is the container itself! I used the following command:
docker inspect some-mysqlFrom that output I discovered that the some-mysql container’s IP address was 172.17.0.2, which was reachable from the other container.
Unless your Docker installation is substantially different, if you start the some-mysql container followed by the some-joomla container, you can likely used the same IP address I did. (In my case, the some-joomla container’s IP address was the next sequential address: 172.17.0.3.)
Scanning the Joomla container
Now I had a running Joomla instance that I could target using WhatWeb and other scanners:
# whatweb -a 4 localhost:8080
http://localhost:8080 [200 OK] Apache[2.4.38], Cookies[e6b39c2ef305d5fa34c3ba66a227b8de], HTML5, HTTPServer[Debian Linux][Apache/2.4.38 (Debian)], HttpOnly[e6b39c2ef305d5fa34c3ba66a227b8de], IP[::1], JQuery, MetaGenerator[Joomla! - Open Source Content Management], OpenSearch[http://localhost:8080/index.php/component/search/?layout=blog&id=9&Itemid=101&format=opensearch], PHP[7.2.23], Script, Title[Home], X-Powered-By[PHP/7.2.23]
Note that downgrading MySQL to a 5.x version is not recommended, but works for a short-lived demo site.
If you wanted to modify the above steps and use the latest version of MySQL (8 as of the time of this writing), follow the step described at https://github.com/laradock/laradock/issues/1390#issuecomment-419562297
I also had the authentication issue, so thanks Chris for the link. I will check it out.
The network issue is better solved by adding a Docker network to your commands. Also you might do better to create a docker.compose configuration and run it all in one command.
@Cliff, you’re right, using Docker Compose simplifies this substantially. I’ve created a Docker Compose file and added it to the following repo:
https://github.com/cherdt/docker-scan-targets