Re: [W3af-users] W3AF Docker and Windows
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] W3AF Docker and Windows
|
From: Andres R. <and...@gm...> - 2015-11-13 12:15:16
|
On Thu, Nov 12, 2015 at 6:16 PM, Vojtěch Polášek <kr...@gm...> wrote: > Hi, > it is Openssh running on Windows, so it should work. > I am passing the .prv file as an argument, I hope it is right. You shouldn't hope, use -v (verbose) to debug the ssh connection, this will tell you if the ssh client is sending the key, etc. > Is there > any other possibility to enter commands into the running container? https://docs.docker.com/engine/reference/commandline/exec/ > Thanks, > Vojta > > Dne 12.11.2015 v 16:05 Andres Riancho napsal(a): >> Vojtěch, >> >> On Thu, Nov 12, 2015 at 8:47 AM, Vojtěch Polášek <kr...@gm...> wrote: >>> Greetings, >>> still no luck. Is it important to mount w3af and w3af-shared volmues to >>> be able to at least log in? >> The volumes [0] AFAIK are not required. If you don't set them w3af >> will create the /root/.w3af inside the docker file system. >> >> [0] https://github.com/andresriancho/w3af/blob/master/extras/docker/scripts/common/docker_helpers.py#L10-L11 >> >>> It would be greate if someone, who is more experienced with docker, >>> could try this. I am running following commands in Powershell: >>> docker-machine start mytest >>> docker-machine env --shell=powershell mytest | Invoke-expression >>> docker run -d andresriancho/w3af >>> docker ps works correctly and displays running sshd daemon on port 22 >> Looks good. >> >>> docker logs <container_id> does not show anything >>> docker top ,container_id> shows only sshd running >> Ok >> >>> When I try to run command posted in the previous mail, still receiving >>> password prompt and w3af as a password does not work. >>> Any ideas? >> Yes, I already asked: Are you sure your SSH client expects the private >> key to be set using -i ? >> >>> Thank you very much, >>> Vojta >>> >>> Dne 2.11.2015 v 21:34 Andres Riancho napsal(a): >>>> I've never done that in Windows, but it should work. You should try to >>>> follow the same steps which are outlined for Linux here [0]. I suspect >>>> you already did most of those since you found the ssh private key. >>>> It's strange that the docker image is asking you for a password if >>>> you're providing a SSH key; maybe -i is not the right flag in your ssh >>>> client? >>>> >>>> [0] https://github.com/andresriancho/w3af/blob/master/extras/docker/scripts/w3af_console_docker >>>> >>>> On Mon, Nov 2, 2015 at 2:28 PM, Vojtěch Polášek <kr...@gm...> wrote: >>>>> Hi, >>>>> does anyone here have experience running W3AF within Docker on Windows. >>>>> I installed docker, downloaded W3AF and ran it, but I had a problem >>>>> while connecting through ssh. Within w3af/extras/docker/scripts/common I >>>>> ran: >>>>> ssh -i w3af-docker.prv -t -t -oStrictHostKeyChecking=no ro...@xx... >>>>> where xxx.xxx.xxx.xxx was the IP address of my docker machine running. >>>>> I connected to the server and tried password w3af, but no success. >>>>> Has anything changed? >>>>> Thanks, >>>>> Vojta >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> _______________________________________________ >>>>> W3af-users mailing list >>>>> W3a...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>>> >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> W3af-users mailing list >>> W3a...@li... >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >> >> > > > ------------------------------------------------------------------------------ > _______________________________________________ > W3af-users mailing list > W3a...@li... > https://lists.sourceforge.net/lists/listinfo/w3af-users -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
