Docker-搭建题目环境

Docker-搭建题目环境

安装docker

1、curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

2、echo ‘deb https://download.docker.com/linux/debian stretch stable’> /etc/apt/sources.list.d/docker.list

3、apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common

4、apt-get update

5、sudo apt install docker.io

6、检查docker安装情况:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
└─# docker

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with
                           "docker context use")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  builder     Manage builds
  config      Manage Docker configs
  container   Manage containers
  context     Manage contexts
  image       Manage images
  manifest    Manage Docker image manifests and manifest lists
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

显示docker信息

1
2
3
4
5
6
7
┌──(root💀kali)-[/home/kali/桌面]
└─# docker -v               
Docker version 20.10.5+dfsg1, build 55c4c88
                                                                                                                                                    
┌──(root💀kali)-[/home/kali/桌面]
└─# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

启动docker服务器

1
service docker start

安装compose

Docker-Compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。

1
2
3
4
apt install docker-compose
  
pip install docker-compose
pip3 install docker-compose

Docker安装测试(hello-world)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
└─# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete 
Digest: sha256:0fe98d7debd9049c50b597ef1f85b7c1e8cc81f59c8d623fcb2250e8bec85b38
Status: Downloaded newer image for hello-world:latest

Hello from Docker!                                                                                                                                                             
This message shows that your installation appears to be working correctly.                                                                                                     

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

设置docker镜像加速

这个是需要设置的

1
2
3
4
5
6
7
8
9
10
vim /etc/docker/daemon.json

# 添加如下内容,具体地址自己申请咯
{
  "registry-mirrors": ["https://****.mirror.aliyuncs.com"]
}

# 重启服务
systemctl daemon-reload
systemctl restart docker

搭建vulhub漏洞靶机环境

1、从官网克隆vulhub

1
git clone https://github.com/vulhub/vulhub.git

3、完成之后cd vulhub 目录下 ls 查看目录,出现如下图,即安装完成。

1
2
3
4
5
6
7
8
9
10
11
12
┌──(kali㉿kali)-[~/vulhub]
└─$ ls
activemq    contributors.md        elasticsearch  gitlist      java     libssh          nginx       phpunit          samba       thinkphp   zabbix
apereo-cas  contributors.zh-cn.md  electron       glassfish    jboss    LICENSE         node        postgres         scrapy      tikiwiki
appweb      couchdb                fastjson       goahead      jenkins  liferay-portal  ntopng      python           shiro       tomcat
aria2       discuz                 ffmpeg         gogs         jetty    log4j           ofbiz       rails            skywalking  unomi
base        django                 flask          h2database   jira     magento         opensmtpd   README.md        solr        uwsgi
bash        dns                    flink          hadoop       jmeter   mini_httpd      openssh     README.zh-cn.md  spark       weblogic
celery      docker                 ghostscript    httpd        joomla   mojarra         openssl     redis            spring      webmin
cgi         drupal                 git            imagemagick  jupyter  mongo-express   php         rsync            struts2     wordpress
coldfusion  dubbo                  gitea          influxdb     kibana   mysql           phpmailer   ruby             supervisor  xstream
confluence  ecshop                 gitlab         jackson      laravel  nexus           phpmyadmin  saltstack        tests       xxl-job

下面随便进入一个目录,选择struts2,启动s2-001测试环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose build           
Building struts2
Sending build context to Docker daemon  3.697MB
Step 1/5 : FROM vulhub/tomcat:8.5
 ---> 66ba03f6c1d8
Step 2/5 : LABEL maintainer="phithon <root@leavesongs.com>"
 ---> Using cache
 ---> 51ccd85e21c0
Step 3/5 : RUN set -ex     && rm -rf /usr/local/tomcat/webapps/*     && chmod a+x /usr/local/tomcat/bin/*.sh
 ---> Using cache
 ---> 0a903d3b8d2e
Step 4/5 : COPY S2-001.war /usr/local/tomcat/webapps/ROOT.war
 ---> Using cache
 ---> 46e97211b80a
Step 5/5 : EXPOSE 8080
 ---> Using cache
 ---> 4d93a32927c7
Successfully built 4d93a32927c7
Successfully tagged s2-001_struts2:latest
                                                                                                                                                                              
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose up -d           
Creating network "s2-001_default" with the default driver
Creating s2-001_struts2_1 ... done

查看docker进程

1
2
3
4
5
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker ps -a
CONTAINER ID   IMAGE            COMMAND             CREATED              STATUS                      PORTS                    NAMES
d5fb2a7ca4c2   s2-001_struts2   "catalina.sh run"   About a minute ago   Up About a minute           0.0.0.0:8080->8080/tcp   s2-001_struts2_1
f4417e29b119   hello-world      "/hello"            11 minutes ago       Exited (0) 11 minutes ago                            focused_kapitsa

访问IP:8080,搭建成功

img

关闭docker 环境 

1
2
3
4
5
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose down -v 
Stopping s2-001_struts2_1 ... done
Removing s2-001_struts2_1 ... done
Removing network s2-001_default

CTF题目搭建

[

](https://blog.csdn.net/q20010619/article/details/108587879)

docker常用命令

1.拉取镜像。

1
$ docker pull [image]

2.查看docker当前镜像。

1
$ docker image ls 或 docker images

3.新建一个docker容器,并映射端口号。

1
$ docker run -d -p [host port]:[docker port] [image]

4.查看运行中的docker容器。

1
$ docker ps -a

5.进入一个docker容器。

1
$ docker exec -it [container id] bash

6.拷贝本地文件到docker。

1
$ docker cp [本地路径] [container id]:[container 路径]

7.启动/停止一个docker容器。

1
2
$ docker stop [container id]
$ docker start [container id]

8.删除一个docker容器。

(注意:需要先把容器停止才可以删除。)

1
$ docker rm [container id]

9.删除一个docker镜像

(注意:在镜像对应的容器后才可以删除镜像ID。)

1
2
3
4
5
6
7
8
9
10
$ docker rmi [image id]


遇到的问题
Error response from daemon: conflict: unable to delete 66ba03f6c1d8 (cannot be forced) - image has dependent child images

解决方法:https://blog.csdn.net/sunmingyang1987/article/details/104493245
└─# docker rmi vulhub/tomcat:8.5
Untagged: vulhub/tomcat:8.5
Untagged: vulhub/tomcat@sha256:9b0989a0ac483d2ce309427123b44d21fddcad48159960064b5c6695270ef2ac

将容器转换为镜像(固化)

1
2
$docker commit 容器ID 用户名/仓库1
#用户名/仓库可以随便写,无需上纲上线,我写的是lhy/test

将镜像转换为文件

1
$docker save -o /path/文件名 镜像名

使用docker搭建一道简单的ctf题目

1.搜索lamp环境的docker镜像。

docker search lamp

1
2
3
4
5
6
7
└─# docker search lamp      
NAME                                    DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
mattrayner/lamp                         A simple LAMP docker image running the prere…   285                  [OK]
linode/lamp                             LAMP on Ubuntu 14.04.1 LTS Container            181                  
tutum/lamp                              Out-of-the-box LAMP image (PHP+MySQL)           148                  
fauria/lamp                             Modern, developer friendly LAMP stack. Inclu…   110                  [OK]
greyltc/lamp                            a super secure, up-to-date and lightweight L…   103                  [OK]                0

2.拉取“tutum/lamp”镜像。

docker pull tutum/lamp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
└─# docker pull tutum/lamp  
Using default tag: latest
latest: Pulling from tutum/lamp
Image docker.io/tutum/lamp:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
8387d9ff0016: Pull complete 
3b52deaaf0ed: Pull complete 
4bd501fad6de: Pull complete 
a3ed95caeb02: Pull complete 
790f0e8363b9: Pull complete 
11f87572ad81: Pull complete 
341e06373981: Pull complete 
709079cecfb8: Pull complete 
55bf9bbb788a: Pull complete 
b41f3cfd3d47: Pull complete 
70789ae370c5: Pull complete 
43f2fd9a6779: Pull complete 
6a0b3a1558bd: Pull complete 
934438c9af31: Pull complete 
1cfba20318ab: Pull complete 
de7f3e54c21c: Pull complete 
596da16c3b16: Pull complete 
e94007c4319f: Pull complete 
3c013e645156: Pull complete 
Digest: sha256:d332e7e97606ac6407b0ba9ae9e9383c89d7e04c6f4853332e98f7d326408329
Status: Downloaded newer image for tutum/lamp:latest
docker.io/tutum/lamp:latest

3.拉取完成以后,查看本地docker镜像。

docker images

1
2
3
4
5
6
7
┌──(root💀kali)-[/home/kali/桌面]
└─# docker images
REPOSITORY       TAG               IMAGE ID       CREATED         SIZE
python           3.7-slim-buster   1241d4388782   3 months ago    113MB
hello-world      latest            d1165f221234   8 months ago    13.3kB
mariadb          10.4.12           b6184b68d1fd   19 months ago   357MB
tutum/lamp       latest            3d49e175ec00   5 years ago     427MB

4.新建一个docker容器。

1
2
3
4
5
└─# docker run --name=lamp -d -p 8080:80 -p 3306:3306 -v /var/www/app/lamp/:/var/www/html tutum/lamp
941e5ff0bd2f8c704ff54a952709e7ead035235cf89a287d7894524596507451

-d //容器后台运行。
-p //指定映射端口。

5.查看系统中运行的docker容器。

docker ps -a

1
2
3
4
└─# docker ps -a                                                                                    
CONTAINER ID   IMAGE         COMMAND     CREATED          STATUS                    PORTS                                          NAMES
941e5ff0bd2f   tutum/lamp    "/run.sh"   23 seconds ago   Up 22 seconds             0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp   lamp
f4417e29b119   hello-world   "/hello"    3 months ago     Exited (0) 3 months ago                                                  focused_kapitsa

6.开启apache服务,使用浏览器访问一下主页,查看映射是否正常。

开启apache服务:

1
service apache2 start

然后浏览器访问localhost:8080即可

7.进入docker container。

1
2
3
4
5
6
└─# docker exec -it 941e5ff0bd2f bash                                                                                                                                   1 ⨯
root@941e5ff0bd2f:/# 

-i //让容器的标准输入保持打开。
-t //让docker分配一个伪终端并绑定到容器的标准输出上。
941e5ff0bd2f 容器id

安装vim

1
2
3
4
5
└─# docker exec -it 941e5ff0bd2f bash                                                                                                                                   1 ⨯
root@941e5ff0bd2f:/# sed -i s@/deb.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list
root@941e5ff0bd2f:/# apt-get clean
root@941e5ff0bd2f:/# apt-get update
root@941e5ff0bd2f:/# apt-get install vim

设置flag

1
2
3
4
root@941e5ff0bd2f:/# echo "flag{test_flag}" > /flag
root@941e5ff0bd2f:/# cat /flag
flag{test_flag}
root@941e5ff0bd2

设置题目

1
2
3
4
5
6
7
8
9
10
11
root@941e5ff0bd2f:/# vi /var/www/html/rce.php
root@941e5ff0bd2f:/# cat /var/www/html/rce.php
<?php
error_reporting(0);
if(isset($_GET['c'])){
    $c = $_GET['c'];
        eval($c);
    
}else{
    highlight_file(__FILE__);
}

测试一下phpinfo

img

flag:

1
2
http://192.168.182.130:8080/rce.php?c=system('cat /flag');
flag{test_flag}

8.如果ctf题目源码过多,可以拷贝到container的主目录中

1
$ docker cp ctfFile 941e5ff0bd2f:var/www/html

10.导出容器

1
$ docker export 941e5ff0bd2f > ctf.tar
CTF WEB
Dcoker

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!