* added mysql docker image

* started login php
2025-09-17 13:29:49 +02:00 · 2025-09-17 13:29:49 +02:00 · 0b086582b6
commit 0b086582b6
parent 0d6e29b1e8
5 changed files with 36 additions and 11 deletions
--- a/config/supervisord.conf
+++ b/config/supervisord.conf
@ -8,5 +8,3 @@ autorestart=true
 [program:apache2]
 command=/usr/sbin/apache2ctl -D FOREGROUND
 autorestart=true
-
-# [program:mysql-server]
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,6 +1,9 @@
 FROM ubuntu:24.04

 ENV DEBIAN_FRONTEND=noninteractive
+ENV MYSQL_ROOT_PASSWORD=39gknzLD
+ENV MYSQL_DATABASE=app
+

 RUN apt update && apt upgrade -y && \
    apt install -y \
@ -10,7 +13,6 @@ RUN apt update && apt upgrade -y && \
    vim \
    supervisor \
    openssh-server \
-    mysql-server \
    sudo \
    cowsay \
    php \
@ -59,7 +61,6 @@ RUN chown l33t:l33t /home/l33t/user.txt
 COPY ./flags/root.txt /root/
 RUN chown root:root /root/root.txt

-
 # 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans

 EXPOSE 22
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -1,10 +1,24 @@
 services:
+  db:
+    image: mysql:8.1
+    environment:
+      MYSQL_ROOT_PASSWORD: 39gknzLD
+      MYSQL_DATABASE: app
+    volumes:
+      - $PWD/config/base.sql:/docker-entrypoint-initdb.d/base.sql:ro
+    ports:
+      - "3306:3306"
  app:
    hostname: srv1prod
    build:
      context: ..
      dockerfile: docker/Dockerfile
    container_name: "ji-ctf-dockerized"
+    environment:
+      MYSQL_ROOT_PASSWORD: 39gknzLD
+      MYSQL_DATABASE: app
    ports:
      - "22:22"
-      - "31337:31337"
+      - "31337:31337"
+    depends_on:
+      - db
--- a/www/login.php
+++ b/www/login.php
@ -26,15 +26,27 @@
    // add sqli vulnerable login functionnality
    // ??
    // profit
-        if (! empty($_POST)) {
-            $name = $_POST['username'];
-            $password = $_POST['password'];
-            if (empty($name)) {
-                echo "Username is empty";
+    $servername = "db";
+    $username = "root";
+    $password = "39gknzLD";
+
+    $conn = new mysqli($servername, $username, $password);
+
+    if (! empty($_POST)) {
+        $name = $_POST['username'];
+        $password = $_POST['password'];
+        if (empty($name)) {
+            echo "Username is empty.";
+        } else {
+            $sql = 'SELECT username,pass FROM users WHERE username=' . $name . ' AND pass=' . $password; // sqli here
+            $result = $conn->query($sql);
+            if ($result->num_rows > 0) {
+                echo "CONNECTED" // do redirect to upload page
            } else {
-                echo $name;
+                echo "Wrong username or password !";
            }
        }
+    }
    ?>
 </body>
 </html>
--- a/www/upload.php
+++ b/www/upload.php