Docker-搭建题目环境

Docker-搭建题目环境

安装docker

1、curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

2、echo ‘deb https://download.docker.com/linux/debian stretch stable’> /etc/apt/sources.list.d/docker.list

3、apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common

4、apt-get update

5、sudo apt install docker.io

6、检查docker安装情况:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
└─# docker

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with
"docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

显示docker信息

1
2
3
4
5
6
7
┌──(root💀kali)-[/home/kali/桌面]
└─# docker -v
Docker version 20.10.5+dfsg1, build 55c4c88

┌──(root💀kali)-[/home/kali/桌面]
└─# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

启动docker服务器

1
service docker start

安装compose

Docker-Compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。

1
2
3
4
apt install docker-compose

pip install docker-compose
pip3 install docker-compose

Docker安装测试(hello-world)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
└─# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:0fe98d7debd9049c50b597ef1f85b7c1e8cc81f59c8d623fcb2250e8bec85b38
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

设置docker镜像加速

这个是需要设置的

1
2
3
4
5
6
7
8
9
10
vim /etc/docker/daemon.json

# 添加如下内容,具体地址自己申请咯
{
"registry-mirrors": ["https://****.mirror.aliyuncs.com"]
}

# 重启服务
systemctl daemon-reload
systemctl restart docker

搭建vulhub漏洞靶机环境

1、从官网克隆vulhub

1
git clone https://github.com/vulhub/vulhub.git

3、完成之后cd vulhub 目录下 ls 查看目录,出现如下图,即安装完成。

1
2
3
4
5
6
7
8
9
10
11
12
┌──(kali㉿kali)-[~/vulhub]
└─$ ls
activemq contributors.md elasticsearch gitlist java libssh nginx phpunit samba thinkphp zabbix
apereo-cas contributors.zh-cn.md electron glassfish jboss LICENSE node postgres scrapy tikiwiki
appweb couchdb fastjson goahead jenkins liferay-portal ntopng python shiro tomcat
aria2 discuz ffmpeg gogs jetty log4j ofbiz rails skywalking unomi
base django flask h2database jira magento opensmtpd README.md solr uwsgi
bash dns flink hadoop jmeter mini_httpd openssh README.zh-cn.md spark weblogic
celery docker ghostscript httpd joomla mojarra openssl redis spring webmin
cgi drupal git imagemagick jupyter mongo-express php rsync struts2 wordpress
coldfusion dubbo gitea influxdb kibana mysql phpmailer ruby supervisor xstream
confluence ecshop gitlab jackson laravel nexus phpmyadmin saltstack tests xxl-job

下面随便进入一个目录,选择struts2,启动s2-001测试环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose build
Building struts2
Sending build context to Docker daemon 3.697MB
Step 1/5 : FROM vulhub/tomcat:8.5
---> 66ba03f6c1d8
Step 2/5 : LABEL maintainer="phithon <root@leavesongs.com>"
---> Using cache
---> 51ccd85e21c0
Step 3/5 : RUN set -ex && rm -rf /usr/local/tomcat/webapps/* && chmod a+x /usr/local/tomcat/bin/*.sh
---> Using cache
---> 0a903d3b8d2e
Step 4/5 : COPY S2-001.war /usr/local/tomcat/webapps/ROOT.war
---> Using cache
---> 46e97211b80a
Step 5/5 : EXPOSE 8080
---> Using cache
---> 4d93a32927c7
Successfully built 4d93a32927c7
Successfully tagged s2-001_struts2:latest

┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose up -d
Creating network "s2-001_default" with the default driver
Creating s2-001_struts2_1 ... done

查看docker进程

1
2
3
4
5
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d5fb2a7ca4c2 s2-001_struts2 "catalina.sh run" About a minute ago Up About a minute 0.0.0.0:8080->8080/tcp s2-001_struts2_1
f4417e29b119 hello-world "/hello" 11 minutes ago Exited (0) 11 minutes ago focused_kapitsa

访问IP:8080,搭建成功

img

关闭docker 环境

1
2
3
4
5
┌──(root💀kali)-[/home/kali/vulhub/struts2/s2-001]
└─# docker-compose down -v
Stopping s2-001_struts2_1 ... done
Removing s2-001_struts2_1 ... done
Removing network s2-001_default

CTF题目搭建

[

](https://blog.csdn.net/q20010619/article/details/108587879)

docker常用命令

1.拉取镜像。

1
$ docker pull [image]

2.查看docker当前镜像。

1
$ docker image ls 或 docker images

3.新建一个docker容器,并映射端口号。

1
$ docker run -d -p [host port]:[docker port] [image]

4.查看运行中的docker容器。

1
$ docker ps -a

5.进入一个docker容器。

1
$ docker exec -it [container id] bash

6.拷贝本地文件到docker。

1
$ docker cp [本地路径] [container id]:[container 路径]

7.启动/停止一个docker容器。

1
2
$ docker stop [container id]
$ docker start [container id]

8.删除一个docker容器。

(注意:需要先把容器停止才可以删除。)

1
$ docker rm [container id]

9.删除一个docker镜像

(注意:在镜像对应的容器后才可以删除镜像ID。)

1
2
3
4
5
6
7
8
9
10
$ docker rmi [image id]


遇到的问题
Error response from daemon: conflict: unable to delete 66ba03f6c1d8 (cannot be forced) - image has dependent child images

解决方法:https://blog.csdn.net/sunmingyang1987/article/details/104493245
└─# docker rmi vulhub/tomcat:8.5
Untagged: vulhub/tomcat:8.5
Untagged: vulhub/tomcat@sha256:9b0989a0ac483d2ce309427123b44d21fddcad48159960064b5c6695270ef2ac

将容器转换为镜像(固化)

1
2
$docker commit 容器ID 用户名/仓库1
#用户名/仓库可以随便写,无需上纲上线,我写的是lhy/test

将镜像转换为文件

1
$docker save -o /path/文件名 镜像名

使用docker搭建一道简单的ctf题目

1.搜索lamp环境的docker镜像。

docker search lamp

1
2
3
4
5
6
7
└─# docker search lamp      
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mattrayner/lamp A simple LAMP docker image running the prere… 285 [OK]
linode/lamp LAMP on Ubuntu 14.04.1 LTS Container 181
tutum/lamp Out-of-the-box LAMP image (PHP+MySQL) 148
fauria/lamp Modern, developer friendly LAMP stack. Inclu… 110 [OK]
greyltc/lamp a super secure, up-to-date and lightweight L… 103 [OK] 0

2.拉取“tutum/lamp”镜像。

docker pull tutum/lamp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
└─# docker pull tutum/lamp  
Using default tag: latest
latest: Pulling from tutum/lamp
Image docker.io/tutum/lamp:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
8387d9ff0016: Pull complete
3b52deaaf0ed: Pull complete
4bd501fad6de: Pull complete
a3ed95caeb02: Pull complete
790f0e8363b9: Pull complete
11f87572ad81: Pull complete
341e06373981: Pull complete
709079cecfb8: Pull complete
55bf9bbb788a: Pull complete
b41f3cfd3d47: Pull complete
70789ae370c5: Pull complete
43f2fd9a6779: Pull complete
6a0b3a1558bd: Pull complete
934438c9af31: Pull complete
1cfba20318ab: Pull complete
de7f3e54c21c: Pull complete
596da16c3b16: Pull complete
e94007c4319f: Pull complete
3c013e645156: Pull complete
Digest: sha256:d332e7e97606ac6407b0ba9ae9e9383c89d7e04c6f4853332e98f7d326408329
Status: Downloaded newer image for tutum/lamp:latest
docker.io/tutum/lamp:latest

3.拉取完成以后,查看本地docker镜像。

docker images

1
2
3
4
5
6
7
┌──(root💀kali)-[/home/kali/桌面]
└─# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
python 3.7-slim-buster 1241d4388782 3 months ago 113MB
hello-world latest d1165f221234 8 months ago 13.3kB
mariadb 10.4.12 b6184b68d1fd 19 months ago 357MB
tutum/lamp latest 3d49e175ec00 5 years ago 427MB

4.新建一个docker容器。

1
2
3
4
5
└─# docker run --name=lamp -d -p 8080:80 -p 3306:3306 -v /var/www/app/lamp/:/var/www/html tutum/lamp
941e5ff0bd2f8c704ff54a952709e7ead035235cf89a287d7894524596507451

-d //容器后台运行。
-p //指定映射端口。

5.查看系统中运行的docker容器。

docker ps -a

1
2
3
4
└─# docker ps -a                                                                                    
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
941e5ff0bd2f tutum/lamp "/run.sh" 23 seconds ago Up 22 seconds 0.0.0.0:3306->3306/tcp, 0.0.0.0:8080->80/tcp lamp
f4417e29b119 hello-world "/hello" 3 months ago Exited (0) 3 months ago focused_kapitsa

6.开启apache服务,使用浏览器访问一下主页,查看映射是否正常。

开启apache服务:

1
service apache2 start

然后浏览器访问localhost:8080即可

7.进入docker container。

1
2
3
4
5
6
└─# docker exec -it 941e5ff0bd2f bash                                                                                                                                   1 ⨯
root@941e5ff0bd2f:/#

-i //让容器的标准输入保持打开。
-t //让docker分配一个伪终端并绑定到容器的标准输出上。
941e5ff0bd2f 容器id

安装vim

1
2
3
4
5
└─# docker exec -it 941e5ff0bd2f bash                                                                                                                                   1 ⨯
root@941e5ff0bd2f:/# sed -i s@/deb.debian.org/@/mirrors.aliyun.com/@g /etc/apt/sources.list
root@941e5ff0bd2f:/# apt-get clean
root@941e5ff0bd2f:/# apt-get update
root@941e5ff0bd2f:/# apt-get install vim

设置flag

1
2
3
4
root@941e5ff0bd2f:/# echo "flag{test_flag}" > /flag
root@941e5ff0bd2f:/# cat /flag
flag{test_flag}
root@941e5ff0bd2

设置题目

1
2
3
4
5
6
7
8
9
10
11
root@941e5ff0bd2f:/# vi /var/www/html/rce.php
root@941e5ff0bd2f:/# cat /var/www/html/rce.php
<?php
error_reporting(0);
if(isset($_GET['c'])){
$c = $_GET['c'];
eval($c);

}else{
highlight_file(__FILE__);
}

测试一下phpinfo

img

flag:

1
2
http://192.168.182.130:8080/rce.php?c=system('cat /flag');
flag{test_flag}

8.如果ctf题目源码过多,可以拷贝到container的主目录中

1
$ docker cp ctfFile 941e5ff0bd2f:var/www/html

10.导出容器

1
$ docker export 941e5ff0bd2f > ctf.tar

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!