75 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Docker
		
	
	
	
	
	
			
		
		
	
	
			75 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Docker
		
	
	
	
	
	
| FROM ubuntu:24.04
 | |
| 
 | |
| ENV DEBIAN_FRONTEND=noninteractive
 | |
| 
 | |
| RUN apt update && apt upgrade -y && \
 | |
|     apt install -y \
 | |
|     apache2 \
 | |
|     curl \
 | |
|     nano \
 | |
|     vim \
 | |
|     supervisor \
 | |
|     openssh-server \
 | |
|     mysql-server \
 | |
|     sudo \
 | |
|     cowsay \
 | |
|     php \
 | |
|     && rm -rf /var/lib/apt/lists/*
 | |
| 
 | |
| # the user players will need to have access as
 | |
| 
 | |
| 
 | |
| RUN useradd -m -s /bin/bash l33t \
 | |
| && echo "l33t:h4x0r" | chpasswd
 | |
| 
 | |
| # apache2 config to change default 80 port to 31337
 | |
| 
 | |
| RUN sed -i 's/^Listen 80/Listen 31337/' /etc/apache2/ports.conf
 | |
| 
 | |
| RUN sed -i 's/<VirtualHost \*:80>/<VirtualHost *:31337>/' /etc/apache2/sites-available/000-default.conf
 | |
| 
 | |
| # enable php module
 | |
| RUN ls /etc/apache2/mods-enabled/
 | |
| RUN a2enmod php*
 | |
| 
 | |
| # copy the app
 | |
| 
 | |
| COPY ./www/ /var/www/html/
 | |
| 
 | |
| RUN mkdir /var/run/sshd
 | |
| 
 | |
| # (suggestion)
 | |
| # for the privesc, cowsay allowed to be ran with sudo without password
 | |
| # https://gtfobins.github.io/gtfobins/cowsay/
 | |
| 
 | |
| RUN printf 'l33t ALL=(ALL) NOPASSWD: /usr/games/cowsay, /usr/bin/sudo -l\n' > /etc/sudoers.d/l33t && \
 | |
|     chmod 0440 /etc/sudoers.d/l33t && \
 | |
|     visudo -cf /etc/sudoers.d/l33t
 | |
| 
 | |
| # copy the l33t user creds and set 777 suid
 | |
| 
 | |
| COPY ./config/creds.txt /home/l33t/
 | |
| RUN chmod 777 /home/l33t/creds.txt
 | |
| 
 | |
| # copy the flags and set suid
 | |
| 
 | |
| COPY ./flags/user.txt /home/l33t/
 | |
| RUN chown l33t:l33t /home/l33t/user.txt
 | |
| 
 | |
| COPY ./flags/root.txt /root/
 | |
| RUN chown root:root /root/root.txt
 | |
| 
 | |
| 
 | |
| # 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans
 | |
| 
 | |
| EXPOSE 22
 | |
| EXPOSE 31337
 | |
| 
 | |
| # config of supervisord to have both apache2 and sshd services running
 | |
| 
 | |
| COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 | |
| 
 | |
| # start supervisord
 | |
| CMD ["/usr/bin/supervisord", "-n"]
 | |
| 
 | 
