ctf-chal-ji/docker/Dockerfile

FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive
ENV MYSQL_ROOT_PASSWORD=39gknzLD
ENV MYSQL_DATABASE=app


RUN apt update && apt upgrade -y && \
    apt install -y \
    apache2 \
    curl \
    nano \
    vim \
    supervisor \
    openssh-server \
    sudo \
    php-mysql\
    cowsay \
    php \
    iputils-ping \
    && rm -rf /var/lib/apt/lists/*

# the user players will need to have access as


RUN useradd -m -s /bin/bash agent \
&& echo "agent:secure" | chpasswd

# apache2 config to change default 80 port to 8080

RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/ports.conf

RUN sed -i 's/<VirtualHost \*:80>/<VirtualHost *:8080>/' /etc/apache2/sites-available/000-default.conf

# remove default apache2 index.html

RUN rm /var/www/html/index.html

# enable php module
RUN ls /etc/apache2/mods-enabled/
RUN a2enmod php*

# copy the app

COPY ./www/ /var/www/html/

# give upload permissions to the www-data user

RUN chown -R www-data:www-data /var/www/html/confidential/uploads && chmod -R 755 /var/www/html/confidential/uploads

# give permissions to access the agent user to www-data

RUN usermod -aG agent www-data && chmod 750 /home/agent

RUN mkdir /var/run/sshd

# (suggestion)
# for the privesc, cowsay allowed to be ran with sudo without password
# https://gtfobins.github.io/gtfobins/cowsay/

RUN printf 'agent ALL=(ALL) NOPASSWD: /usr/games/cowsay, /usr/bin/sudo -l\n' > /etc/sudoers.d/agent && \
    chmod 0440 /etc/sudoers.d/agent && \
    visudo -cf /etc/sudoers.d/agent

# copy the agent user creds and set 777 suid

COPY ./config/creds.txt /home/agent/
RUN chmod 777 /home/agent/creds.txt

# copy the secret codes and set suid

COPY ./config/codes.txt /root/

RUN chown root:root /root/codes.txt

# 22 port -> ssh, 8080 port -> webserver

EXPOSE 22
EXPOSE 8080

# config of supervisord to have both apache2 and sshd services running

COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# start supervisord
CMD ["/usr/bin/supervisord", "-n"]