59 lines
1.4 KiB
Docker
59 lines
1.4 KiB
Docker
FROM ubuntu:24.04
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
RUN apt update && apt upgrade -y && \
|
|
apt install -y \
|
|
apache2 \
|
|
curl \
|
|
nano \
|
|
vim \
|
|
supervisor \
|
|
openssh-server \
|
|
sudo \
|
|
cowsay \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# the user players will need to have access as
|
|
|
|
|
|
RUN useradd -m -s /bin/bash l33t \
|
|
&& echo "l33t:h4x0r" | chpasswd
|
|
|
|
# foothold user with no sudo perms. Only access to the l33t user home directory.
|
|
|
|
RUN useradd webmaster
|
|
|
|
# apache2 config to change default 80 port to 31337
|
|
|
|
RUN sed -i 's/^Listen 80/Listen 31337/' /etc/apache2/ports.conf
|
|
|
|
RUN sed -i 's/<VirtualHost \*:80>/<VirtualHost *:31337>/' /etc/apache2/sites-available/000-default.conf
|
|
|
|
# copy the app
|
|
|
|
#COPY ./app/ /var/www/html/
|
|
|
|
RUN mkdir /var/run/sshd
|
|
|
|
# (suggestion)
|
|
# for the privesc, cowsay allowed to be ran with sudo without password
|
|
# https://gtfobins.github.io/gtfobins/cowsay/
|
|
|
|
RUN printf 'l33t ALL=(ALL) NOPASSWD: /usr/games/cowsay, /usr/bin/sudo -l\n' > /etc/sudoers.d/l33t && \
|
|
chmod 0440 /etc/sudoers.d/l33t && \
|
|
visudo -cf /etc/sudoers.d/l33t
|
|
|
|
# 22 port -> ssh, 31337 port (suggestion) -> vulnerable webserver players need to find using nmap port scans
|
|
|
|
EXPOSE 22
|
|
EXPOSE 31337
|
|
|
|
# config of supervisord to have both apache2 and sshd services running
|
|
|
|
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
|
|
|
# start supervisord
|
|
CMD ["/usr/bin/supervisord", "-n"]
|
|
|