From bd76adb0c42596bc2a3d3d48d49a22b657e967f8 Mon Sep 17 00:00:00 2001
From: dptsec
Date: Sun, 19 Oct 2025 10:58:41 -0500
Subject: [PATCH] add docker for testing
---
docker/Dockerfile | 147 ++++++++++++++++++++++++++++++++++++++
docker/docker-compose.yml | 39 ++++++++++
docker/entrypoint.sh | 31 ++++++++
3 files changed, 217 insertions(+)
create mode 100644 docker/Dockerfile
create mode 100644 docker/docker-compose.yml
create mode 100644 docker/entrypoint.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..d2a1958
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,147 @@
+FROM ubuntu:22.04
+
+# Prevent interactive prompts during installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install build dependencies for Samba
+RUN apt-get update && apt-get install -y \
+ acl \
+ attr \
+ autoconf \
+ bind9utils \
+ binutils \
+ bison \
+ build-essential \
+ ccache \
+ chrpath \
+ curl \
+ debhelper \
+ dnsutils \
+ docbook-xml \
+ docbook-xsl \
+ flex \
+ gcc \
+ gdb \
+ git \
+ glusterfs-common \
+ gzip \
+ heimdal-multidev \
+ hostname \
+ htop \
+ krb5-config \
+ krb5-kdc \
+ krb5-user \
+ lcov \
+ libacl1-dev \
+ libarchive-dev \
+ libattr1-dev \
+ libavahi-common-dev \
+ libblkid-dev \
+ libbsd-dev \
+ libcap-dev \
+ libcephfs-dev \
+ libcups2-dev \
+ libdbus-1-dev \
+ libglib2.0-dev \
+ libgnutls28-dev \
+ libgpgme-dev \
+ libicu-dev \
+ libjansson-dev \
+ libjs-jquery \
+ libjson-perl \
+ libkrb5-dev \
+ libldap2-dev \
+ liblmdb-dev \
+ libncurses5-dev \
+ libpam0g-dev \
+ libparse-yapp-perl \
+ libpcap-dev \
+ libpopt-dev \
+ libreadline-dev \
+ libsystemd-dev \
+ libtasn1-bin \
+ libtasn1-dev \
+ libunwind-dev \
+ lmdb-utils \
+ locales \
+ lsb-release \
+ make \
+ mawk \
+ mingw-w64 \
+ patch \
+ perl \
+ perl-modules \
+ pkg-config \
+ procps \
+ psmisc \
+ python3 \
+ python3-cryptography \
+ python3-dateutil \
+ python3-dbg \
+ python3-dev \
+ python3-dnspython \
+ python3-gpg \
+ python3-markdown \
+ python3-pyasn1 \
+ python3-requests \
+ rng-tools \
+ rsync \
+ sed \
+ sudo \
+ tar \
+ tree \
+ uuid-dev \
+ wget \
+ xsltproc \
+ zlib1g-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+# Download and extract Samba 4.23.1
+WORKDIR /usr/src
+RUN wget https://download.samba.org/pub/samba/stable/samba-4.23.1.tar.gz && \
+ tar -xzf samba-4.23.1.tar.gz && \
+ rm samba-4.23.1.tar.gz
+
+# Build Samba
+WORKDIR /usr/src/samba-4.23.1
+RUN ./configure \
+ --prefix=/usr/local/samba \
+ --enable-debug \
+ --enable-selftest \
+ --with-ads \
+ --with-systemd \
+ --systemd-install-services \
+ --with-winbind && \
+ make -j$(nproc) && \
+ make install
+
+# Create directories
+RUN mkdir -p /usr/local/samba/etc \
+ /usr/local/samba/var/locks \
+ /usr/local/samba/var/run \
+ /usr/local/samba/private \
+ /var/log/samba \
+ /var/lib/samba
+
+# Create wins hook script (demonstrates vulnerability)
+RUN echo '#!/bin/bash\n\
+ echo "WINS Hook Executed!" >> /var/log/samba/wins_hook.log\n\
+ echo "Action: $1" >> /var/log/samba/wins_hook.log\n\
+ echo "NetBIOS Name: $2" >> /var/log/samba/wins_hook.log\n\
+ echo "IP Address: $3" >> /var/log/samba/wins_hook.log\n\
+ echo "Timestamp: $(date)" >> /var/log/samba/wins_hook.log\n\
+ echo "---" >> /var/log/samba/wins_hook.log' > /usr/local/samba/bin/wins_hook.sh && \
+ chmod +x /usr/local/samba/bin/wins_hook.sh
+
+# Add Samba binaries to PATH
+ENV PATH="/usr/local/samba/bin:/usr/local/samba/sbin:${PATH}"
+
+# Copy configuration files
+COPY smb.conf /usr/local/samba/etc/smb.conf
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Expose necessary ports
+EXPOSE 137/udp 138/udp 139/tcp 445/tcp 389/tcp 636/tcp 88/tcp 464/tcp
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..a5b61f5
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,39 @@
+version: '3.8'
+
+services:
+ samba-vulnerable:
+ build: .
+ container_name: samba-vuln-4.23.1
+ hostname: vuln-dc
+ domainname: vulnerable.local
+ networks:
+ samba_net:
+ ipv4_address: 172.20.0.10
+ ports:
+ - "8137:137/udp"
+ - "8138:138/udp"
+ - "139:139/tcp"
+ - "8445:445/tcp"
+ - "8389:389/tcp"
+ - "8636:636/tcp"
+ - "8088:88/tcp"
+ - "8464:464/tcp"
+ volumes:
+ - samba-data:/usr/local/samba/private
+ - samba-logs:/var/log/samba
+ cap_add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ stdin_open: true
+ tty: true
+
+networks:
+ samba_net:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.20.0.0/16
+
+volumes:
+ samba-data:
+ samba-logs:
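Review bot: The Samba tarball fetched by `wget` in the download step is unpacked and built with no integrity check, so a tampered or truncated download would be compiled into the image unnoticed. Pin its digest before extracting by adding `echo "<SHA256_OF_samba-4.23.1.tar.gz>  samba-4.23.1.tar.gz" | sha256sum -c - && \` between the `wget` and `tar` lines (the digest is a placeholder; take the real value from a copy of the release you have verified). Separately, `COPY smb.conf /usr/local/samba/etc/smb.conf` needs a `smb.conf` in the `docker/` build context, but the diffstat of this commit creates only the Dockerfile, docker-compose.yml and entrypoint.sh, so unless that file already exists in the tree the build stops at that step.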
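Review bot: Every entry under `ports:` publishes on all host interfaces, so the deliberately vulnerable DC (NetBIOS, SMB, LDAP, Kerberos) is reachable from whatever network the test host is attached to; bind each mapping to loopback, e.g. `- "127.0.0.1:8445:445/tcp"`. The `"139:139/tcp"` entry is the only one without the 8xxx host offset, which looks like a typo for `"8139:139/tcp"` and would collide with an SMB service already listening on the host. `cap_add` grants `NET_ADMIN` and `SYS_ADMIN` to a container that exists to run commands through the wins hook. If `SYS_ADMIN` is there for the extended attributes written during provisioning, record that in a comment, and drop `NET_ADMIN` unless something outside this commit uses it.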
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100644
index 0000000..6246b9f
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+echo "Samba 4.23.1 CVE-2025-10230 Test Environment"
+
+# Create log file for wins hook
+touch /var/log/samba/wins_hook.log
+chmod 666 /var/log/samba/wins_hook.log
+
+# Check if domain is already provisioned
+if [ ! -f /usr/local/samba/private/sam.ldb ]; then
+ echo "Provisioning domain..."
+ /usr/local/samba/bin/samba-tool domain provision \
+ --realm=VULNERABLE.LOCAL \
+ --domain=VULNERABLE \
+ --adminpass='P@ssw0rd123!' \
+ --server-role=dc \
+ --use-rfc2307 \
+ --dns-backend=SAMBA_INTERNAL
+
+ echo "Domain provisioned"
+else
+ echo "Domain already provisioned"
+fi
+
+echo "WINS Hook: /usr/local/samba/bin/wins_hook.sh"
+echo "WINS Hook Log: /var/log/samba/wins_hook.log"
+
+# Start Samba in foreground
+exec /usr/local/samba/sbin/samba -i -M single -s /usr/local/samba/etc/smb.conf
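Review bot: The domain administrator password is hard-coded in `--adminpass='P@ssw0rd123!'`, so every environment built from this repository provisions the same publicly known credential, while the compose file in the same commit publishes LDAP, Kerberos and SMB for that domain. Take it from the environment and fail fast when it is missing, e.g. `--adminpass="${SAMBA_ADMIN_PASS:?SAMBA_ADMIN_PASS must be set}" \`. `chmod 666 /var/log/samba/wins_hook.log` also leaves the hook log world-writable; if the hook runs as the same user as `samba` (not visible here), `chmod 640` is enough and keeps the log trustworthy as a record of hook execution.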