基于docker的sqli-labs搭建

一键代码:

curl https://files-cdn.cnblogs.com/files/kagari/sqli-labs.sh|bash

https://files-cdn.cnblogs.com/files/kagari/sqli-labs.sh

 1 #!/bin/bash
 2 apt-get update
 3 apt-get -y install apt-transport-https ca-certificates curl software-properties-common git
 4 curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
 5 add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
 6 apt-get -y update
 7 apt-get -y install docker-ce
 8 apt install -y git
 9 echo '{"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]}'> /etc/docker/daemon.json
10 service docker restart
11 git clone https://github.com/Audi-1/sqli-labs.git
12 echo RlJPTSB1YnVudHU6MTQuMDQKICAKUlVOIHNlZCAtaSAncy9hcmNoaXZlLnVidW50dS5jb20vbWlycm9ycy5hbGl5dW4uY29tL2cnIC9ldGMvYXB0L3NvdXJjZXMubGlzdCYmXAogICAgc2VkIC1pICdzL3NlY3VyaXR5LnVidW50dS5jb20vbWlycm9ycy5hbGl5dW4uY29tL2cnIC9ldGMvYXB0L3NvdXJjZXMubGlzdApSVU4gYXB0LWdldCB1cGRhdGUKUlVOIGFwdC1nZXQgaW5zdGFsbCAteSBhcGFjaGUyIHBocDUgbGliYXBhY2hlMi1tb2QtcGhwNSBwaHA1LW15c3FsIHBocDUtY3VybCBwaHA1LWdkIHBocDUtaWRuIHBocC1wZWFyIHBocDUtaW1hZ2ljayBwaHA1LWltYXAgcGhwNS1tY3J5cHQgcGhwNS1tZW1jYWNoZSBwaHA1LW1pbmcgcGhwNS1wcyBwaHA1LXBzcGVsbCBwaHA1LXJlY29kZSBwaHA1LXNubXAgcGhwNS1zcWxpdGUgcGhwNS10aWR5IHBocDUteG1scnBjIHBocDUteHNsIG15c3FsLXNlcnZlciB2aW0gY3VybAoKQ09QWSBzdGFydC5zaCAvcm9vdC9zdGFydC5zaApDT1BZIHNxbGktbGFicyAvdmFyL3d3dy9odG1sLwpSVU4gY2htb2QgK3ggL3Jvb3Qvc3RhcnQuc2gKClJVTiBjaG93biAtUiBteXNxbDpteXNxbCAvdmFyL2xpYi9teXNxbApSVU4gc2VydmljZSBhcGFjaGUyIHN0YXJ0JiZcCiAgICBmaW5kIC92YXIvbGliL215c3FsIC10eXBlIGYgLWV4ZWMgdG91Y2gge30gXDsgJiYgc2VydmljZSBteXNxbCBzdGFydCAmJlwKICAgIGN1cmwgaHR0cDovLzEyNy4wLjAuMS9zcWwtY29ubmVjdGlvbnMvc2V0dXAtZGIucGhwCgpFWFBPU0UgODAgMzMwNgpDTUQgWyIvcm9vdC9zdGFydC5zaCJd|base64 -d >dockerfile
13 echo IyEvYmluL2Jhc2gKCi9ldGMvaW5pdC5kL2FwYWNoZTIgcmVzdGFydApmaW5kIC92YXIvbGliL215c3FsIC10eXBlIGYgLWV4ZWMgdG91Y2gge30gXDsgJiYgc2VydmljZSBteXNxbCBzdGFydCAKL2Jpbi9iYXNo|base64 -d>start.sh
14 docker build -t sqli-labs .
15 docker run -itdp 8000:80 sqli-labs

详细步骤:

1.下载sqli-labs源码 https://github.com/Audi-1/sqli-labs

git clone https://github.com/Audi-1/sqli-labs.git

2.编写dockerfile

FROM ubuntu:14.04
#换源,推荐阿里源(mirrors.aliyun.com),腾讯源(mirrors.cloud.tencent.com),163源 (mirrors.163.com)
RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list&&\ sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list
#安装apahce,php,mysql及php相关扩展
RUN apt-get update
RUN apt-get install -y apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl mysql-server vim curl

COPY start.sh /root/start.sh
COPY sqli-labs /var/www/html/
RUN chmod +x /root/start.sh

RUN chown -R mysql:mysql /var/lib/mysql
RUN service apache2 start&&\
    find /var/lib/mysql -type f -exec touch {} \; && service mysql start &&\
    curl http://127.0.0.1/sql-connections/setup-db.php

EXPOSE 80 3306
CMD ["/root/start.sh"]

3.编写start.sh

#!/bin/bash

/etc/init.d/apache2 restart
find /var/lib/mysql -type f -exec touch {} \; && service mysql start 
/bin/bash

使用find /var/lib/mysql -type f -exec touch {} \; && service mysql start 

4.构建docker容器,并运行

docker build -t sqli-labs .   //构筑

docker run -itdp 8000:80 sqli-labs   //-it指定镜像  -d后台运行  -p映射端口

5.访问127.0.0.1:8000即可

基本情况:

mysql用户:root/空

secure_file_priv=

上述两点,如需配置,请使用以下配置

首先修改 sqli-labs/sql-connections/db-creds.inc为下

<?php
//give your mysql connection username n password
$dbuser ='user';
$dbpass ='user';
$dbname ="security";
$host = 'localhost';
$dbname1 = "challenges";
?>

dockerfile

FROM ubuntu:14.04

RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list&&\
    sed -i 's/security.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y apache2 php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl mysql-server vim curl

COPY start.sh /root/start.sh
COPY sqli-labs /var/www/html/
COPY flag.sql /root/flag.sql
RUN chmod +x /root/start.sh

RUN chown -R mysql:mysql /var/lib/mysql&&\
#修改secure_file_priv sed -i "N;32a\secure_file_priv=/var/www/html" /etc/mysql/my.cnf&&\ find /var/lib/mysql -type f -exec touch {} \; && service mysql start &&\
#修改root密码,安装,新建mysql用户,降权 mysqladmin -uroot password kagi&&\ mysql -uroot -pkagi -e "CREATE USER 'user'@'localhost' IDENTIFIED BY 'user';"&&\ mysql -uroot -pkagi -e "grant ALL on *.* to user@'localhost' identified by 'user';"&&\ mysql -uroot -pkagi -e "flush privileges;"&&\ sed -i '$a\ServerName 127.0.0.1' /etc/apache2/apache2.conf&&service apache2 restart&&\
curl http://127.0.0.1/sql-connections/setup-db.php&&\ mysql -uroot -pkagi -e "revoke all privileges on *.* from user@localhost;"&&\ mysql -uroot -pkagi -e "grant SELECT, INSERT, UPDATE, DELETE ,FIlE on *.* to user@'localhost' identified by 'user';"&&\ mysql -uroot -pkagi -e "flush privileges;"&&\ mysql -uroot -pkagi -e "create database flag;"&&\ mysql -uroot -pkagi flag < /root/flag.sql #web目录默认为root:root 755,新建可以目录,用于写webshell RUN mkdir /var/www/html/tmp &&chmod 777 /var/www/html/tmp EXPOSE 80 3306 CMD ["/root/start.sh"]

start.sh

#!/bin/bash

/etc/init.d/apache2 restart
find /var/lib/mysql -type f -exec touch {} \; && service mysql start
/bin/bash

 flag.sql

-- phpMyAdmin SQL Dump
-- version 4.8.5
-- https://www.phpmyadmin.net/
--
-- 主机: 127.0.0.1:3306
-- 生成日期: 2019-11-25 05:27:06
-- 服务器版本: 5.7.26
-- PHP 版本: 5.6.40

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- 数据库: `flag`
--

-- --------------------------------------------------------

--
-- 表的结构 `flag`
--

DROP TABLE IF EXISTS `flag`;
CREATE TABLE IF NOT EXISTS `flag` (
  `id` int(11) NOT NULL,
  `flag` varchar(100) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

--
-- 转存表中的数据 `flag`
--

INSERT INTO `flag` (`id`, `flag`) VALUES
(1, 'flag{sqli_easy}');
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
View Code

 

posted @ 2019-11-22 12:01  ~kagi~  阅读(2085)  评论(0编辑  收藏  举报