Working challenge ! #6
@ -8,5 +8,3 @@ autorestart=true
|
|||||||
[program:apache2]
|
[program:apache2]
|
||||||
command=/usr/sbin/apache2ctl -D FOREGROUND
|
command=/usr/sbin/apache2ctl -D FOREGROUND
|
||||||
autorestart=true
|
autorestart=true
|
||||||
|
|
||||||
# [program:mysql-server]
|
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
FROM ubuntu:24.04
|
FROM ubuntu:24.04
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND=noninteractive
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
|
ENV MYSQL_ROOT_PASSWORD=39gknzLD
|
||||||
|
ENV MYSQL_DATABASE=app
|
||||||
|
|
||||||
|
|
||||||
RUN apt update && apt upgrade -y && \
|
RUN apt update && apt upgrade -y && \
|
||||||
apt install -y \
|
apt install -y \
|
||||||
@ -10,7 +13,6 @@ RUN apt update && apt upgrade -y && \
|
|||||||
vim \
|
vim \
|
||||||
supervisor \
|
supervisor \
|
||||||
openssh-server \
|
openssh-server \
|
||||||
mysql-server \
|
|
||||||
sudo \
|
sudo \
|
||||||
cowsay \
|
cowsay \
|
||||||
php \
|
php \
|
||||||
@ -59,7 +61,6 @@ RUN chown l33t:l33t /home/l33t/user.txt
|
|||||||
COPY ./flags/root.txt /root/
|
COPY ./flags/root.txt /root/
|
||||||
RUN chown root:root /root/root.txt
|
RUN chown root:root /root/root.txt
|
||||||
|
|
||||||
|
|
||||||
# 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans
|
# 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans
|
||||||
|
|
||||||
EXPOSE 22
|
EXPOSE 22
|
||||||
|
|||||||
@ -1,10 +1,24 @@
|
|||||||
services:
|
services:
|
||||||
|
db:
|
||||||
|
image: mysql:8.1
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: 39gknzLD
|
||||||
|
MYSQL_DATABASE: app
|
||||||
|
volumes:
|
||||||
|
- $PWD/config/base.sql:/docker-entrypoint-initdb.d/base.sql:ro
|
||||||
|
ports:
|
||||||
|
- "3306:3306"
|
||||||
app:
|
app:
|
||||||
hostname: srv1prod
|
hostname: srv1prod
|
||||||
build:
|
build:
|
||||||
context: ..
|
context: ..
|
||||||
dockerfile: docker/Dockerfile
|
dockerfile: docker/Dockerfile
|
||||||
container_name: "ji-ctf-dockerized"
|
container_name: "ji-ctf-dockerized"
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: 39gknzLD
|
||||||
|
MYSQL_DATABASE: app
|
||||||
ports:
|
ports:
|
||||||
- "22:22"
|
- "22:22"
|
||||||
- "31337:31337"
|
- "31337:31337"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
@ -26,13 +26,25 @@
|
|||||||
// add sqli vulnerable login functionnality
|
// add sqli vulnerable login functionnality
|
||||||
// ??
|
// ??
|
||||||
// profit
|
// profit
|
||||||
|
$servername = "db";
|
||||||
|
$username = "root";
|
||||||
|
$password = "39gknzLD";
|
||||||
|
|
||||||
|
$conn = new mysqli($servername, $username, $password);
|
||||||
|
|
||||||
if (! empty($_POST)) {
|
if (! empty($_POST)) {
|
||||||
$name = $_POST['username'];
|
$name = $_POST['username'];
|
||||||
$password = $_POST['password'];
|
$password = $_POST['password'];
|
||||||
if (empty($name)) {
|
if (empty($name)) {
|
||||||
echo "Username is empty";
|
echo "Username is empty.";
|
||||||
} else {
|
} else {
|
||||||
echo $name;
|
$sql = 'SELECT username,pass FROM users WHERE username=' . $name . ' AND pass=' . $password; // sqli here
|
||||||
|
$result = $conn->query($sql);
|
||||||
|
if ($result->num_rows > 0) {
|
||||||
|
echo "CONNECTED" // do redirect to upload page
|
||||||
|
} else {
|
||||||
|
echo "Wrong username or password !";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
0
www/upload.php
Normal file
0
www/upload.php
Normal file
Loading…
x
Reference in New Issue
Block a user