david.cozariuc/ctf-chal-ji
1
1
Fork 0
Code Issues 5 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request '3-reduce-docker-container-size' (#7) from 3-reduce-docker-container-size into main

Browse Source 
Reviewed-on: #7
This commit is contained in:
david.cozariuc 2025-09-29 22:00:48 +02:00
commit 140b6e0bf0
3 changed files with 42 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/supervisord.conf
View File

@ -1,10 +1,15 @@
[supervisord]
nodaemon=true
user=root
[program:sshd]
command=/usr/sbin/sshd -D
autostart=true
autorestart=true
priority=20
[program:apache2]
command=/usr/sbin/apache2ctl -D FOREGROUND
command=/usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf
autostart=true
autorestart=true
priority=10

68
docker/Dockerfile
View File

@ -1,66 +1,68 @@
FROM ubuntu:24.04
FROM alpine:3.20
ENV DEBIAN_FRONTEND=noninteractive
ENV MYSQL_ROOT_PASSWORD=39gknzLD
ENV MYSQL_DATABASE=app
RUN apt update && apt upgrade -y && \
apt install -y \
RUN apk update && apk upgrade && \
apk add --no-cache \
apache2 \
apache2-ssl \
curl \
nano \
vim \
bash \
supervisor \
openssh-server \
openssh \
sudo \
php-mysql\
cowsay \
php \
iputils-ping \
&& rm -rf /var/lib/apt/lists/*
php82 \
php82-mysqli \
php82-apache2 \
php82-session \
iputils \
shadow \
&& rm -rf /var/cache/apk/*
# the user players will need to have access as
RUN useradd -m -s /bin/bash agent \
&& echo "agent:secure" | chpasswd
# apache2 config to change default 80 port to 8080
RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/ports.conf
RUN sed -i 's/<VirtualHost \*:80>/<VirtualHost *:8080>/' /etc/apache2/sites-available/000-default.conf
RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/httpd.conf && sed -i 's/80/8080/g' /etc/apache2/conf.d/*.conf || true
# remove default apache2 index.html
RUN rm /var/www/html/index.html
RUN rm -f /var/www/localhost/htdocs/index.html
# enable php module
RUN ls /etc/apache2/mods-enabled/
RUN a2enmod php*
# enable php module in apache
RUN echo "LoadModule php_module /usr/lib/apache2/mod_php82.so" > /etc/apache2/conf.d/php.conf
# copy the app
COPY ./www/ /var/www/html/
COPY ./www/ /var/www/localhost/htdocs/
# give upload permissions to the www-data user
# add ssh key otherwise it does not work
RUN chown -R www-data:www-data /var/www/html/confidential/uploads && chmod -R 755 /var/www/html/confidential/uploads
RUN ssh-keygen -A
# give permissions to access the agent user to www-data
RUN usermod -aG agent www-data && chmod 750 /home/agent
# give upload permissions to the apache user
RUN chown -R apache:apache /var/www/localhost/htdocs/confidential/uploads \
&& chmod -R 755 /var/www/localhost/htdocs/confidential/uploads
# give permissions to access the agent user to apache
RUN usermod -aG agent apache && chmod 750 /home/agent
RUN mkdir /var/run/sshd
# (suggestion)
# for the privesc, cowsay allowed to be ran with sudo without password
# https://gtfobins.github.io/gtfobins/cowsay/
# for the privesc, vim allowed to be ran with sudo without password
# https://gtfobins.github.io/gtfobins/vim/
RUN printf 'agent ALL=(ALL) NOPASSWD: /usr/games/cowsay, /usr/bin/sudo -l\n' > /etc/sudoers.d/agent && \
chmod 0440 /etc/sudoers.d/agent && \
visudo -cf /etc/sudoers.d/agent
RUN echo 'agent ALL=(ALL) NOPASSWD: /usr/bin/vim, /usr/bin/sudo -l' > /etc/sudoers.d/agent \
&& chmod 0440 /etc/sudoers.d/agent
# copy the agent user creds and set 777 suid
@ -73,6 +75,8 @@ COPY ./config/codes.txt /root/
RUN chown root:root /root/codes.txt
RUN mkdir -p /run/httpd && chown apache:apache /run/httpd
# 22 port -> ssh, 8080 port -> webserver
EXPOSE 22
@ -80,8 +84,8 @@ EXPOSE 8080
# config of supervisord to have both apache2 and sshd services running
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY config/supervisord.conf /etc/supervisor.d/httpd.ini
# start supervisord
CMD ["/usr/bin/supervisord", "-n"]
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor.d/httpd.ini"]

49
www/gallery.php
View File

@ -1,49 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<?php
session_start();
?>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tux gallery !</title>
<link rel="stylesheet" href="static/css/stylesheet.css">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
</head>
<body>
<?php include 'include/nav.php'?>
<div class="wrapper">
<section class="info-part">
<h1>Tux gallery</h1>
<p>Tux is awesome ! So I made this extremely secure gallery app.</p>
<?php if (empty($_SESSION['username'])): ?>
You can also add tux pictures to the gallery, first <a href="login.php">login</a> and then you should be able to upload a new image of tux.
<?php else: ?>
First navigate to the <a href="admin/upload.php">upload.php</a> page and upload your tux image from there!
<?php endif; ?>
</section>
<hr>
<section class="gallery-part">
<div class="gallery">
<?php
foreach (new DirectoryIterator('static/img/gallery') as $file) {
if($file->isDot()) continue;
print '<img class="tux-img" src="/static/img/gallery/'. $file->getFilename() . '" onerror="this.onerror=null;this.src=`/static/img/fallback.png`;" data-original="/static/img/gallery/'. $file->getFilename() .'">'; // to do, is there an 'fstring' like for php ? just like in python
} // xss ? i call it a feature
?>
</div>
</section>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
<script>
window.addEventListener("load", () => {
Array.from(document.getElementsByClassName("tux-img")).forEach(img => {
img.addEventListener('click', function() {
window.open(img.dataset.original);
});
});
});
</script>
</body>
</html>