OK, if you starting with docker, you probably want to know that: 8:55 When you start container you can ofc give it a name with `--name some_name` (if you do not give any name it will assign some radom one, in this case it was `cool_yonath`) later if you want to exec something it there, instead of using id, you can use that name. Also if you are using if, you don't need to use full id (in fact that id that is displayed when you use `docker ps` is also first 12 characters of id) you need to use enough characters to have single matching result (it might be even only 1 character) ps: if you using distro with selinux enabled, mount your volumes with `:z` at the end, eg: `-v $PWD:/pwd:z` ps2: if you run container with `--link container_name:hostname` you are getting connectivity to mentioned container (`ping hostname`)
@@martingregorik2046 you might even use the first 2 characters if they are unique. But if you recreate the container it has another id, so it is better to give the containers a name. PS: You can use TAB-completition on the container names, so no need for long typing and you have meaningful names.
I made a docker-like program (called doqueru-kun) and a tutorial that made me understand how docker works. Waiting for your next video to link it in my project!
You could use a bridge network for inter-container communication. With it you don't need to expose any port to the local network and can use the name of the container as IP address
>beginning of video: Docker. Docker container. Docker. >Middle of video: docker docks docking docks docker dock >end of video: dakka dakka durka durka docka docka dock i think im going insane XD
@@selimeneskaraduman6935 i think point was that explanation of docker and everything is so great that it would also great to explain such plain simple thing as copypaste
Mattia Righetti I thought we should use both since ya know they serve different purposes Put whatever kubernetes vs docker : ua-cam.com/video/2vMEQ5zs1ko/v-deo.html
When using VSCode there is that awesome plugin that runs your current workspace on docker, so the set up is much easier and the development is much cleaner.
I have a container setup with the Kali Linux Desktop Environment running and I use Reminna to access it; But it slows my machine done as much as a VM does.
if u want your last container to execute an arbitrary command, you can prefix the command with docker exec -it $(docker ps -lq) maybe someone reads this and finds it useful (in an automated setup ofcourse)
Can I use docker for doing CTFs? Many recommend using a VM to participate in CTFs for security purposes. But are docker containers more secure than a VM sandbox?
My go-to VPS host is scaleway, very similar to digitalocean in usage (also pretty flexible) but much cheaper. And they have some pretty nice AMD epyc machines.
I'm used to use Netcup for servers because a) it's a german service so the data is stored in germany and b) from what I had seen it seemed far less expansive even considering the free bonus I get as a student or by such promotions.
This intro to docker has made the most sense out of every other explanation I have been given, but I still don't get what the difference between this and a VM is.
A VM contains a whole OS (yes, including a kernel), and is a resource hog. A container holds just the files necessary to operate it (like database binaries, for instance ), uses the host kernel, and is much, much lighter and faster.
Hey, ist da ein weg um mit dir zu kommunizieren? habe heute möglicherweise einen iteresanten bug gefunden in einem Parkautomaten. Muss aber mal wieder zurück und austesten ob das wirklich so jedesmal funktioniert. Wenn ja, dann gibt es einen weg um ohne zu bezahlen aus dem parkhaus raus zufahren;)
Great video, for me Docker already starts to feel a old tech , because I am already working with Docker for 2 years but it is so rare to see videos for new guys talking about docker. But side note, in the first time you talk about the docker build command was to create a container that it is incorrect, but I think that was just a little mistake
Yes, you have to use a feature called "bridge network". You create a network (with 'docker network create ') and then when you run a container you add the option '-network '. All the ports will be exposed by default from from inside the network, and you can use the name of the container as IP address alias :)
Packer is a tool from HashiCorp that builds machine images. So unlike Docker, it's not container technology. Vagrant is basically (really oversimplified here) a CLI tool for managing VMs. Packer allows you to "pack" all your programs and whatever you might need, bundles that up and spits out an AMI or VMDK/VMX or OVF file. Basically a dockerfile for VMs.
`docker-compose` is its own package and ‘docker compose` is just docker with the compose plugin, which comes by default. You shouldn’t need the docker-compose package if all you’re doing is basic compose launching.
Damn. Awesome. Time to spend the day trawling through docker docs and learning. This is wouldnt work for anything with a gui right? Like a crackme with a window pop up for a password would just have to run on your main host wouldnt it?
It's possible to forward X applications out of the container into your own X session. This requires that you're on Linux, are using X and not Wayland (maybe there's a way to use XWayland, but I don't know how), and set it up in your Dockerfile. somatorio.org/en/post/running-gui-apps-with-docker/
nice content, @liveoverflow I have been following for a while an I have been wanting to start playing RE/ ctf's and I suck at it, I have been looking for a strong basics where I can start and get a hold of the sub, please refer a source since you are good at it I was hoping you would know a better place to begin for a noon.
Not (necessarily) true: "Docker on Windows runs a hidden Linux VM" The Windows kernel actually supports something quite similar to the Linux namespaces thingy, called "Containers". When using Docker in Container mode on Windows, no VM is necessary or used. In fact this feature even enables Windows to be able to run both Linux Containers AND Windows containers (yes, you can download and run a Windows 10 container) side-by-side simultaneously.
Yes, Docker has two types for Windows. One is newer Docker for Windows which uses this Windows functionality for containers (but AFAIK requires Windows 10 Pro) and the other is Docker Toolbox which uses VirtualBox to run boot2docker Linux VM.
I searched the web and found this: CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data.
Please don't run your docker commands as root. That can break some docker images. It is way better to add your user to the docker group, which will give you (for docker) pretty much the same abilities. There is also a really nice utility called ctop(github/bcicen/ctop) which is pretty much htop for docker. Also, look into docker registries (for example hosted on GitLab) to save your Docker images so you don't have to recompile them every time. Also using networks or the deprecated link flag can save you the trouble of exposing hosts to the outside world, and can make it a lot more comprehensible to see which container is connecting to which.
Mh why? I have never had any issues. Ran it as root all the time when using some server. Also access to docker gives you basically root permissions. So I find it a bit weird to not explicitly use sudo and add the group.
@@LiveOverflow I had problems with mounted files, and yes its fixable with chown and chmod, but I think its an unnecessary risk right? If the container does get exploited?
Docker containers are run by a separate process and have their own users inside. The user id may collide, and it can cause trouble, but it can access only the directories you have mounted to it - which is the main issue. Look at docker docs, they even say that giving your user docker privileges, is the same as actually giving your user root priveleges - so it is much less safe, than simply running your docker commands with sudo infront.
Docker Docs are actually too much to lean food someone not too familiar with it. It can be frustrating and a waste of time. I’d recommend some videos from UA-cam to help you with it
I think docker is silly. Why would you download and set up a whole thing that's basically a chroot, just to run some tool? If you don't trust that software then yes, fine. But other than sandboxing, I don't think it's useful for tooling. Maybe I'm thinking about this wrong, but why would i have a container for hashcat and another container for jtr and another container for nmap and another for wfuzz, and so forth. It makes no sense and all you accomplish is wasting your hard drive space on redundant data. And don't tell me that's not how it works, because you literally install stuff with `docker pull`, creating one container image for the one tool you pulled. If you just want a linux environment, feel free to use linux. If you're running on windows you get WSL2. If you are running on mac, get a computer that works and where you don't have to pay for every little thing.
Each app has dependencies that need to be installed. It’s nice to not litter your host system with all these dependencies. Containers are not necessarily used for security. And more about isolation of dependencies and making apps trivial to deploy.
Who felt triggered by me using python2?
Me
For me python2 is way better than python3 and IDK why xD
for these purposes python 3 would be better :)
Me, 2 minutes too late, but eh
I was just scrolling down to comment on this blasphemy!
OK, if you starting with docker, you probably want to know that:
8:55
When you start container you can ofc give it a name with `--name some_name` (if you do not give any name it will assign some radom one, in this case it was `cool_yonath`)
later if you want to exec something it there, instead of using id, you can use that name.
Also if you are using if, you don't need to use full id (in fact that id that is displayed when you use `docker ps` is also first 12 characters of id) you need to use enough characters to have single matching result (it might be even only 1 character)
ps: if you using distro with selinux enabled, mount your volumes with `:z` at the end, eg: `-v $PWD:/pwd:z`
ps2: if you run container with `--link container_name:hostname` you are getting connectivity to mentioned container (`ping hostname`)
you can use first 3 characters of image id to reference the container, which is shorter than typing the name, in most cases
@@martingregorik2046 you might even use the first 2 characters if they are unique. But if you recreate the container it has another id, so it is better to give the containers a name.
PS: You can use TAB-completition on the container names, so no need for long typing and you have meaningful names.
liveoverflow : docker tutorial
everyone: where r u these days ?
I made a docker-like program (called doqueru-kun) and a tutorial that made me understand how docker works. Waiting for your next video to link it in my project!
I saw that blog! Very cool project!
Thank you! That means a lot for me coming from you!
@@LiveOverflow can you give me the link for the Blog which your referring here, I'm
interested read it as well.
You could use a bridge network for inter-container communication. With it you don't need to expose any port to the local network and can use the name of the container as IP address
You can also use docker-compose to create more complex setups, with multiple networks
P2P but you are in container.
Skynet: nice
nc host.docker.internal 1024 (instead of finding the IP address of host), or just use the host network when creating the container
>beginning of video: Docker. Docker container. Docker.
>Middle of video: docker docks docking docks docker dock
>end of video: dakka dakka durka durka docka docka dock
i think im going insane XD
Please explain Ctrl-C and Ctrl-V.
Lmao what
@@selimeneskaraduman6935 i think point was that explanation of docker and everything is so great that it would also great to explain such plain simple thing as copypaste
@@ShivamJha00 3:40
Ctrl+C will create a parallel universe
Docker is just amazing, Kubernetees is the next step
What about Consul?
Mattia Righetti
I thought we should use both since ya know they serve different purposes
Put whatever
kubernetes vs docker :
ua-cam.com/video/2vMEQ5zs1ko/v-deo.html
@@SuperSand2000 what fuck is consul? marca de geladeira? kkkkk
When using VSCode there is that awesome plugin that runs your current workspace on docker, so the set up is much easier and the development is much cleaner.
cool, I should check that out. whats the name?
@@LiveOverflow it's called "Remote Container"
Useful information as always. Thanks LiveOverflow
Dockers are truly a gift for CTFs. I love them so much. And the best thing is that Docker Engine was written in Go!
holy crap. nice animation.. very descriptive.. do this more often..
Great way of explaining things, kudos to you!!
Looking forward to the next video.
(Also Holy shit, I have the green icon now)
Yeah, the time flies
I realized that too some days ago
these videos are amazing, keep up the great work.
Keep doing what you are doing! Greets from Germany :-)
aus Deutschland nach Deutschland? 😉
@@olpqay does it mean From Germany to Germany or something? I can totally use google translate, but Im making a guess
chickenicecream1942 exactly 😉
I have a container setup with the Kali Linux Desktop Environment running and I use Reminna to access it; But it slows my machine done as much as a VM does.
Loved it, this was awesome and now I know what to use!
Thx
if u want your last container to execute an arbitrary command, you can prefix the command with docker exec -it $(docker ps -lq)
maybe someone reads this and finds it useful (in an automated setup ofcourse)
Welcome back pro
Awesome Work Man! Good content
*he bacc*
Ehh Welcome Back!
MIssed you, dude!
So, basically Docker is like a solution to "works on my machine ¯\_(ツ)_/¯" syndrome. 😛
Hey, a video around pwntools would be awesome!
Can I use docker for doing CTFs? Many recommend using a VM to participate in CTFs for security purposes. But are docker containers more secure than a VM sandbox?
Any good ctf list to download
I need many of them
Have you heared about hetzner.de? It is basically like digital ocean but cheaper. They have server farms in Germany and Finland.
My go-to VPS host is scaleway, very similar to digitalocean in usage (also pretty flexible) but much cheaper. And they have some pretty nice AMD epyc machines.
@@juliavanderkris5156 Hetzner also has a huge selection of dedicated server models btw. (Also Epyc)
Hi, I have a problem using ctfdocker ---- when using "gdb.attach(io)" with pwntools, how Launch a new terminal in docker container?
I'm used to use Netcup for servers because a) it's a german service so the data is stored in germany and b) from what I had seen it seemed far less expansive even considering the free bonus I get as a student or by such promotions.
If you want to run something on the host machine ip from a container you don't need to look for the ip you can just use host.docker.internal :)
The digital ocean refferral link didnt work for me :((
L33t is back :)
Love docker, especially when I'm working on a M1 Mac book and need to install tools developed for linux...
This intro to docker has made the most sense out of every other explanation I have been given, but I still don't get what the difference between this and a VM is.
The main difference is that with a VM a separate kernel is used for the guest. With containers, the host and guest share a kernel.
A VM contains a whole OS (yes, including a kernel), and is a resource hog. A container holds just the files necessary to operate it (like database binaries, for instance ), uses the host kernel, and is much, much lighter and faster.
Hey, ist da ein weg um mit dir zu kommunizieren?
habe heute möglicherweise einen iteresanten bug gefunden in einem Parkautomaten.
Muss aber mal wieder zurück und austesten ob das wirklich so jedesmal funktioniert.
Wenn ja, dann gibt es einen weg um ohne zu bezahlen aus dem parkhaus raus zufahren;)
finally a new video
Great video, for me Docker already starts to feel a old tech , because I am already working with Docker for 2 years but it is so rare to see videos for new guys talking about docker. But side note, in the first time you talk about the docker build command was to create a container that it is incorrect, but I think that was just a little mistake
That's cool
Is it possible to expose ports for one container to be used by other containers, without exposing it to the host system?
No.
Yes, you have to use a feature called "bridge network". You create a network (with 'docker network create ') and then when you run a container you add the option '-network '.
All the ports will be exposed by default from from inside the network, and you can use the name of the container as IP address alias :)
Very much yes. In fact that’s the point.
how to doing like gdb.attach on docker ?
Could you please tell in future video the differences between Packer, Vagrant and Docker? Awesome video! :P
No clue what packer is. But vagrant simply manages virtual machines. What docker really is I will explain next video
Packer is a tool from HashiCorp that builds machine images. So unlike Docker, it's not container technology. Vagrant is basically (really oversimplified here) a CLI tool for managing VMs.
Packer allows you to "pack" all your programs and whatever you might need, bundles that up and spits out an AMI or VMDK/VMX or OVF file.
Basically a dockerfile for VMs.
@@LiveOverflow I never got around to finding out why docker stopped using LXC/LXD/LXCFS...
`docker-compose` is its own package and ‘docker compose` is just docker with the compose plugin, which comes by default. You shouldn’t need the docker-compose package if all you’re doing is basic compose launching.
Damn. Awesome. Time to spend the day trawling through docker docs and learning.
This is wouldnt work for anything with a gui right? Like a crackme with a window pop up for a password would just have to run on your main host wouldnt it?
Willy you can. you can run an X server in the Docker container and ssh with X forwarding on your host.
It's possible to forward X applications out of the container into your own X session. This requires that you're on Linux, are using X and not Wayland (maybe there's a way to use XWayland, but I don't know how), and set it up in your Dockerfile.
somatorio.org/en/post/running-gui-apps-with-docker/
nice content, @liveoverflow I have been following for a while an I have been wanting to start playing RE/ ctf's and I suck at it, I have been looking for a strong basics where I can start and get a hold of the sub, please refer a source since you are good at it I was hoping you would know a better place to begin for a noon.
I was wondering what docker was!
Didn't undertsnad half of the video. But the video is still good, ty
Minor correction: Docker on Windows can run without Linux, but usually doesn't
💥💥💥
Miss your videos
thx for the vid
9:58 WHY PYTHON 2??
Not (necessarily) true: "Docker on Windows runs a hidden Linux VM"
The Windows kernel actually supports something quite similar to the Linux namespaces thingy, called "Containers". When using Docker in Container mode on Windows, no VM is necessary or used. In fact this feature even enables Windows to be able to run both Linux Containers AND Windows containers (yes, you can download and run a Windows 10 container) side-by-side simultaneously.
Was looking for that comment
Yes, Docker has two types for Windows. One is newer Docker for Windows which uses this Windows functionality for containers (but AFAIK requires Windows 10 Pro) and the other is Docker Toolbox which uses VirtualBox to run boot2docker Linux VM.
@@filipstamcar6553 yes, although Docker will use Hyper-V instead of VirtualBox by default if it wants to use a VM
Can you update this man
I guess using WSL is perfectly fine if not better in this particular use case? A Windows user's point of view
dumb question, what is CTF??
MilMike - capture the flag, hacking contests where you try to find a special file on the target.
what is ctfs?
Ruchit Micro - Capture The Flag - a contest of breaking into a target and finding special files.
What's CTF?
I searched the web and found this:
CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data.
This is more than docker documentation
Nice x)
wow this looks so complicated, Makes me hate hacking 😕
Finallyyyyyyyy
Please don't run your docker commands as root. That can break some docker images. It is way better to add your user to the docker group, which will give you (for docker) pretty much the same abilities. There is also a really nice utility called ctop(github/bcicen/ctop) which is pretty much htop for docker. Also, look into docker registries (for example hosted on GitLab) to save your Docker images so you don't have to recompile them every time. Also using networks or the deprecated link flag can save you the trouble of exposing hosts to the outside world, and can make it a lot more comprehensible to see which container is connecting to which.
Mh why? I have never had any issues. Ran it as root all the time when using some server.
Also access to docker gives you basically root permissions. So I find it a bit weird to not explicitly use sudo and add the group.
@@LiveOverflow I had problems with mounted files, and yes its fixable with chown and chmod, but I think its an unnecessary risk right? If the container does get exploited?
Docker containers are run by a separate process and have their own users inside. The user id may collide, and it can cause trouble, but it can access only the directories you have mounted to it - which is the main issue.
Look at docker docs, they even say that giving your user docker privileges, is the same as actually giving your user root priveleges - so it is much less safe, than simply running your docker commands with sudo infront.
Gasp running docker as super user
Why are you surprised?
Don't use `sudo` to run docker commands! add your user to the `docker` group instead, no more nagging for passwords for using docker!
I prefer sudo
it's not secure, read docs
apt-get install docker.io docker-compose -y
Perhaps first?
hi first
i know its childish
@@shootingshooter2829 yeah it is
All IT work should be security work.
@@homelessrobot you know what? You're right. Keep IT Interesting.
CT-Who?
Docker Docs are actually too much to lean food someone not too familiar with it. It can be frustrating and a waste of time. I’d recommend some videos from UA-cam to help you with it
Hi
hihi
It should work on windows. Well yes but actually no.
13th
I think docker is silly. Why would you download and set up a whole thing that's basically a chroot, just to run some tool? If you don't trust that software then yes, fine. But other than sandboxing, I don't think it's useful for tooling. Maybe I'm thinking about this wrong, but why would i have a container for hashcat and another container for jtr and another container for nmap and another for wfuzz, and so forth. It makes no sense and all you accomplish is wasting your hard drive space on redundant data. And don't tell me that's not how it works, because you literally install stuff with `docker pull`, creating one container image for the one tool you pulled.
If you just want a linux environment, feel free to use linux. If you're running on windows you get WSL2. If you are running on mac, get a computer that works and where you don't have to pay for every little thing.
Each app has dependencies that need to be installed. It’s nice to not litter your host system with all these dependencies. Containers are not necessarily used for security. And more about isolation of dependencies and making apps trivial to deploy.
I have actually seen way better docker videos...kind of disappointed.