From 3ec426e74587b0c3cc3745f33d5e023e8cec2b42 Mon Sep 17 00:00:00 2001 
From: wintrysec Date: Mon, 14 Dec 2020 17:35:19 +0800 Subject: [PATCH] =?UTF-8?q?:zap:=E6=B7=BB=E5=8A=A0Shiro=E9=9D=B6=E6=9C=BA?= =?UTF-8?q?=E5=92=8CS2-061=E9=9D=B6=E6=9C=BA=E4=BB=A5=E5=8F=8A=E4=BF=AE?= =?UTF-8?q?=E6=94=B9=E8=AF=B4=E6=98=8E=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 70 +++++++++++++++--- .../Apache-Shiro/Shiro-550/docker-compose.yml | 7 ++ Ranges/Cgi/CVE-2016-5385/docker-compose.yml | 16 ---- Ranges/Cgi/CVE-2016-5385/nginx/default.conf | 26 ------- Ranges/Cgi/CVE-2016-5385/www/index.php | 20 ----- .../CVE-2019-3396/docker-compose.yml | 14 ---- Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml | 13 ---- Ranges/Struts2/s2-061/docker-compose.yml | 7 ++ Ranges/Supervisor/CVE-2017-11610/Dockerfile | 17 ----- .../CVE-2017-11610/docker-compose.yml | 7 -- .../CVE-2017-11610/docker-entrypoint.sh | 5 -- Ranges/imagemagick/CVE-2016–3714/Dockerfile | 5 -- .../CVE-2016–3714/docker-compose.yml | 9 --- Ranges/imagemagick/CVE-2016–3714/www/demo.php | 2 - .../imagemagick/CVE-2016–3714/www/upload.php | 23 ------ Ranges/imagemagick/CVE-2016–3714/www/vul.jpg | 4 - flaskr/templates/index/welcome.html | 29 ++++---- instance/flaskr.sqlite | Bin 36864 -> 36864 bytes 18 files changed, 89 insertions(+), 185 deletions(-) create mode 100644 Ranges/Apache/Apache-Shiro/Shiro-550/docker-compose.yml delete mode 100644 Ranges/Cgi/CVE-2016-5385/docker-compose.yml delete mode 100644 Ranges/Cgi/CVE-2016-5385/nginx/default.conf delete mode 100644 Ranges/Cgi/CVE-2016-5385/www/index.php delete mode 100644 Ranges/Confluence/CVE-2019-3396/docker-compose.yml delete mode 100644 Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml create mode 100644 Ranges/Struts2/s2-061/docker-compose.yml delete mode 100644 Ranges/Supervisor/CVE-2017-11610/Dockerfile delete mode 100644 Ranges/Supervisor/CVE-2017-11610/docker-compose.yml delete mode 100644 Ranges/Supervisor/CVE-2017-11610/docker-entrypoint.sh delete mode 100644 
Ranges/imagemagick/CVE-2016–3714/Dockerfile delete mode 100644 Ranges/imagemagick/CVE-2016–3714/docker-compose.yml delete mode 100644 Ranges/imagemagick/CVE-2016–3714/www/demo.php delete mode 100644 Ranges/imagemagick/CVE-2016–3714/www/upload.php delete mode 100644 Ranges/imagemagick/CVE-2016–3714/www/vul.jpg diff --git a/README.md b/README.md index 0bc2ec6..2d768a8 100644 --- a/README.md +++ b/README.md 
@@ -1,26 +1,81 @@ > **VulnRange的定位是一个漏洞靶场,用于快速的启动漏洞环境,便于漏洞复现和研究** +使用VulnRange可以快速的部署含有未修复漏洞的Shiro和S2等第三方组件的测试环境,方便复现漏洞。 + # 安装部署🚀 +## 注意事项 + +> 1. 项目需要放到 `~/` 当前用户目录下 +> 2. ubuntu 需要将`start.sh`中的`~/`改为绝对路径,如`/home/ubuntu` +> 3. 关闭Linux防火墙后请重启docker +> 4. python使用python3.8以上版本 +> 5. 不建议部署在VPS上,小心被人GetShell + ## 环境配置 **以Centos为例** -1、[Centos安装python3.8和PIP](https://www.cnblogs.com/wintrysec/p/11963807.html) +1、Centos安装python3.8和PIP + +```bash +#安装python3.8 +yum -y install yum-utils +yum-builddep python +curl -O https://www.python.org/ftp/python/3.8.0/Python-3.8.0.tgz +tar xf Python-3.8.0.tgz +cd Python-3.8.0 +./configure +make +make install + +#设置python3.8为默认版本 +vi /etc/profile.d/python.sh #编辑用户自定义配置,输入alias参数 +alias python='/usr/local/bin/python3.8'  #这里写你的python路径 +source /etc/profile.d/python.sh #重启会话使配置生效 + +#安装pip +wget https://bootstrap.pypa.io/get-pip.py +python get-pip.py -i https://pypi.tuna.tsinghua.edu.cn/simple/ +``` 2、安装docker和docker-compose [把docker源换掉,推荐阿里云的源] +```bash +#安装docker +yum install -y yum-utils # yum-config-manager需要用这个包 +yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #安装docker官方源 +yum makecache +yum -y install docker-ce +systemctl start docker + +#安装docker-compose +pip install docker-compose -i https://pypi.mirrors.ustc.edu.cn/simple/ +``` + +更换阿里源:[阿里云帮助手册](https://help.aliyun.com/document_detail/60750.html?spm=a2c4g.11186623.6.553.4851242foO76sC),用淘宝账号登陆后获取一个独有的加速地址 + 3、关闭防火墙和SELinux +```bash +firewall-cmd --state #查看防火墙状态 +systemctl stop firewall.service #停止防火墙 +systemctl disable firewall.service #禁止开机启动 + +vim /etc/selinux/config/ +#修改为以下内容 +SELINUX=disabled + +#然后最好重启一下系统 +``` + ## 下载安装VulnRange ```bash git clone https://github.com/wgpsec/VulnRange.git cd VulnRange pip install -e . -i https://pypi.tuna.tsinghua.edu.cn/simple/ #安装项目 - - -pip install Flask #自动安装完启动项目Flask报错后,更新pip 从新安装Flask即可 +pip install Flask #自动安装完启动项目Flask报错后,更新pip安装Flask ``` # 功能介绍:memo: 
@@ -60,10 +115,3 @@ sh start.sh 靶机环境构建完成后,点击链接即可访问 ![](README/image-20200921222813545.png) - -# 注意事项 - -> 1. 项目需要放到 `~/` 当前用户目录下 -> 2. ubuntu 需要将`start.sh`中的`~/`改为绝对路径,如`/home/ubuntu` -> 3. 关闭Linux防火墙后请重启docker - diff --git a/Ranges/Apache/Apache-Shiro/Shiro-550/docker-compose.yml b/Ranges/Apache/Apache-Shiro/Shiro-550/docker-compose.yml new file mode 100644 index 0000000..d1881cc --- /dev/null +++ b/Ranges/Apache/Apache-Shiro/Shiro-550/docker-compose.yml @@ -0,0 +1,7 @@ +version: '3' +services: + web: + image: vulhub/shiro:1.2.4 + container_name: Shiro-550 + ports: + - "8080" \ No newline at end of file diff --git a/Ranges/Cgi/CVE-2016-5385/docker-compose.yml b/Ranges/Cgi/CVE-2016-5385/docker-compose.yml deleted file mode 100644 index 27ad9cc..0000000 --- a/Ranges/Cgi/CVE-2016-5385/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '2' -services: - nginx: - image: nginx:1 - container_name: CVE-2016-5385 - volumes: - - ./www/index.php:/usr/share/nginx/html/index.php - - ./nginx/default.conf:/etc/nginx/conf.d/default.conf - depends_on: - - php - ports: - - "80" - php: - image: vulhub/php:httpoxy - volumes: - - ./www/index.php:/var/www/html/index.php \ No newline at end of file diff --git a/Ranges/Cgi/CVE-2016-5385/nginx/default.conf b/Ranges/Cgi/CVE-2016-5385/nginx/default.conf deleted file mode 100644 index 391fe79..0000000 --- a/Ranges/Cgi/CVE-2016-5385/nginx/default.conf +++ /dev/null @@ -1,26 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - - root /usr/share/nginx/html; - - index index.html index.php; - - server_name _; - - location / { - try_files $uri $uri/ =404; - } - - location ~ [^/]\.php(/|$) { - fastcgi_index index.php; - - include fastcgi_params; - - fastcgi_param REDIRECT_STATUS 200; - fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT /var/www/html; - fastcgi_pass php:9000; - } - -} \ No newline at end of file 
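Review bot: The `ports: - "8080"` entry in the new Shiro-550 compose file publishes the container port on an ephemeral host port bound to every interface, so the intentionally vulnerable `vulhub/shiro:1.2.4` service is reachable from any network the host is attached to. The s2-061 compose file added later in this patch uses the same mapping. The README changed in this commit tells users to stop the firewall and disable SELinux, and warns against deploying on a VPS, which leaves this binding as the only remaining control. If the range is only used from the same host, `- "127.0.0.1::8080"` keeps the ephemeral host port but restricts it to loopback. Whether the web UI needs the target reachable from other machines is not visible in this hunk; if it does, bind to a lab-only interface address instead.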
diff --git a/Ranges/Cgi/CVE-2016-5385/www/index.php b/Ranges/Cgi/CVE-2016-5385/www/index.php deleted file mode 100644 index 620e1ae..0000000 --- a/Ranges/Cgi/CVE-2016-5385/www/index.php +++ /dev/null @@ -1,20 +0,0 @@ - 'http://httpbin.org', - // You can set any number of default request options. - 'timeout' => 2.0, -]); - -$response = $client->get('http://httpbin.org/get'); - -$body = $response->getBody(); - -echo $body; \ No newline at end of file diff --git a/Ranges/Confluence/CVE-2019-3396/docker-compose.yml b/Ranges/Confluence/CVE-2019-3396/docker-compose.yml deleted file mode 100644 index f8f6026..0000000 --- a/Ranges/Confluence/CVE-2019-3396/docker-compose.yml +++ /dev/null @@ -1,14 +0,0 @@ -version: '2' -services: - web: - image: vulhub/confluence:6.10.2 - container_name: CVE-2019-3369 - ports: - - "8090:8090" - depends_on: - - db - db: - image: postgres:10.7-alpine - environment: - - POSTGRES_PASSWORD=postgres - - POSTGRES_DB=confluence \ No newline at end of file diff --git a/Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml b/Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml deleted file mode 100644 index 99e6689..0000000 --- a/Ranges/Ecshop/ecshop-3.6.0/docker-compose.yml +++ /dev/null @@ -1,13 +0,0 @@ -version: '2' -services: - ecshop36: - image: vulhub/ecshop:3.6.0 - container_name: ecshop-3.6.0 - depends_on: - - mysql - ports: - - "80" - mysql: - image: mysql:5.5 - environment: - - MYSQL_ROOT_PASSWORD=root \ No newline at end of file diff --git a/Ranges/Struts2/s2-061/docker-compose.yml b/Ranges/Struts2/s2-061/docker-compose.yml new file mode 100644 index 0000000..f41337e --- /dev/null +++ b/Ranges/Struts2/s2-061/docker-compose.yml @@ -0,0 +1,7 @@ +version: '3' +services: + struts2: + image: vulhub/struts2:2.5.25 + container_name: s2-061 + ports: + - "8080" \ No newline at end of file diff --git a/Ranges/Supervisor/CVE-2017-11610/Dockerfile b/Ranges/Supervisor/CVE-2017-11610/Dockerfile deleted file mode 100644 index 492aee9..0000000 
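Review bot: `image: vulhub/struts2:2.5.25` in the new s2-061 compose file refers to a mutable Docker Hub tag, so what actually runs on the lab host can change without any change in this repository. The same applies to `vulhub/shiro:1.2.4` in the Shiro-550 file. Pinning by digest, e.g. `image: vulhub/struts2:2.5.25@sha256:<digest-placeholder>`, makes the target reproducible and lets a reviewer verify what is pulled. A header comment such as `# intentionally vulnerable target (S2-061), isolated lab use only` would also help anyone who meets the file out of context.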
--- a/Ranges/Supervisor/CVE-2017-11610/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM vulhub/python:2.7
-
-MAINTAINER phithon
-
-COPY docker-entrypoint.sh /usr/local/bin/
-
-RUN pip install -U pip \
- && pip install "supervisor==3.3.2" \
- && echo_supervisord_conf | tee /usr/local/etc/supervisord.conf \
- && { \
- echo "[inet_http_server]"; \
- echo "port=0.0.0.0:9001"; \
- echo; \
- } | tee -a /usr/local/etc/supervisord.conf \
- && chmod +x /usr/local/bin/docker-entrypoint.sh
-
-CMD ["/usr/local/bin/docker-entrypoint.sh"]
\ No newline at end of file
diff --git a/Ranges/Supervisor/CVE-2017-11610/docker-compose.yml b/Ranges/Supervisor/CVE-2017-11610/docker-compose.yml
deleted file mode 100644
index b35ee8d..0000000
--- a/Ranges/Supervisor/CVE-2017-11610/docker-compose.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-version: '3'
-services:
- web:
- build: .
- container_name: CVE-2017-11610
- ports:
- - "9001:9001"
\ No newline at end of file
diff --git a/Ranges/Supervisor/CVE-2017-11610/docker-entrypoint.sh b/Ranges/Supervisor/CVE-2017-11610/docker-entrypoint.sh
deleted file mode 100644
index a0d0492..0000000
--- a/Ranges/Supervisor/CVE-2017-11610/docker-entrypoint.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-supervisord --user nobody -c /usr/local/etc/supervisord.conf
-
-while true; do sleep 30; done;
\ No newline at end of file
diff --git a/Ranges/imagemagick/CVE-2016–3714/Dockerfile b/Ranges/imagemagick/CVE-2016–3714/Dockerfile
deleted file mode 100644
index c556818..0000000
--- a/Ranges/imagemagick/CVE-2016–3714/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM vulhub/imagemagick:6.9.2
-
-MAINTAINER phithon
-
-RUN sed -i -e "s/Options -Indexes/Options +Indexes/g" $APACHE_CONFDIR/conf-available/docker-php.conf
\ No newline at end of file
diff --git a/Ranges/imagemagick/CVE-2016–3714/docker-compose.yml b/Ranges/imagemagick/CVE-2016–3714/docker-compose.yml
deleted file mode 100644
index abaed81..0000000
--- a/Ranges/imagemagick/CVE-2016–3714/docker-compose.yml
+++ /dev/null
@@ -1,9 +0,0 @@ -version: '3' -services: - apache: - build: . - container_name: CVE-2016–3714 - volumes: - - ./www:/var/www/html - ports: - - "80" \ No newline at end of file diff --git a/Ranges/imagemagick/CVE-2016–3714/www/demo.php b/Ranges/imagemagick/CVE-2016–3714/www/demo.php deleted file mode 100644 index 21409a6..0000000 --- a/Ranges/imagemagick/CVE-2016–3714/www/demo.php +++ /dev/null @@ -1,2 +0,0 @@ -getSize(); - -echo "Image size is: "; -print_r($size); - -else: -?> -
- File: - -
- /tmp/success`' -pop graphic-context \ No newline at end of file diff --git a/flaskr/templates/index/welcome.html b/flaskr/templates/index/welcome.html index 58abd23..d84481a 100644 --- a/flaskr/templates/index/welcome.html +++ b/flaskr/templates/index/welcome.html @@ -34,6 +34,15 @@

+
  • + +

    狼组安全团队

    +

    + 渗透测试导航 +

    +
    +
  • +
  • 狼组安全团队

    @@ -42,31 +51,25 @@

  • +
  • - +

    狼组安全团队

    - Perception + UrlScan

  • +
  • - -

    黎焰攻防实验室

    +
    +

    狼组安全团队

    Web后台批量爆破

  • -
  • - -

    黎焰攻防实验室

    -

    - 渗透测试导航 -

    -
    -
  • - + diff --git a/instance/flaskr.sqlite b/instance/flaskr.sqlite index 9296cad1ccf05c272506e73bb4c443633028ff4a..3732b7b2263e5a0b2d269948e6e6b750aa801e87 100644 GIT binary patch delta 894 zcmZXSUr19?9LLZ7w@u~V-+U0$Wlkfg^ltZFcg?NR%@O4&EtbhJO|gL*wCN^AjB;T# zBhlNjKU5F)5J4C!7XnL(9`xA1Tvy+4KJ5h5qXL$ z2m30Ds3~MuqVg_1L!qq7=1{Aa2-}lqD+Hrf1PQY+zfl6tb>?BaQ^ZY9gWB%A#Tq$| zDj>G-G)|sM@v9H+#8+?NYc}x)DvMa9Gdu7#LNUul5G1%)Fb>b47dpTLd$~W{H*T66 zwHeqJhp~bXeJwtD$!v)7k1FvMz0dBQQNy7rW1NhcJD7t8%VR# zGlpqHzoAb5T7N-L>H2h;%mm|O$aJqEBklKCw1-w_dMuRBu!7i4wx>#uN_cw#D+!Xo zixMx|%tDz%mK?IZdGmwtHj8MHQ!i$AyS(xKzWAH|cP?t`s&#C5S3WZKfb-lZFw zzh3L-J(_#Y71RIjWe!_ONaBT3(YqEG9*x9D##hI(J@L3F@%H}WyW8pU$+0-@OZ3JT zo(@YE!6IBYOBUH8$=+~hS2!fqpU~X%eL4I7t=(pKxCPnU+SVE1Wm%|qpF74&f>_Gi fY$b;p__YPIwy^yW>8@aNORGN>Qz`1`ozu);VwM4Q delta 1463 zcmZvcZ)_8F7{~8={U7h1&V|i(1a54LBE9zR+OF*-u$5*`aBL%;HZ?j^yV`Y|{a@XX zgkgr+5GeCU;Dv^aC;?53E=Bx95q%*qe6<%dF&d(fwX4LyyS*~tuj~3}&R#F~yWi9M zKF{ZQzSrpm+4O?!YzujRe!E+7pD-B*7e~@&oj_C6PBNYjCR5>PB-xApGPmqt=|uwm zhP$u~KS2(zK?Wwl2mN4X)|dh^@GY8$^ga3)`e!lV4ej8Y$%lyV7PDjBCuki|ZDbvf5j{Rs2I_yd6sp5%Mr-|Bc(jzBEaL$3 z4Q%3Js8+IuqxpXx71c;$9HpAtMwW0CrKf5*a$BqB=;*T!60c{)^tWzP$3w8)D*$2&Pu zUGQT?@s5CglQ>q!`u5UzcH)pnD)qdM!C?#??))LuS!6rzeRkBoj#n~(lTcvU9 zH`?cih6baPQ{^sU8=^ZY$#eKAEXMWLRb3L3@K?0?t1lX7H3=qL*{Q7C$gie94dxcSa&Y-RPhw{!|!2|hV?!n%d z9i=vfHV<8tY*tBdROPHryWoi>!jTZ`4Zi-|MD%SueXGfeeu(Q2l>;O8lFmC@bVNzC nR2z(S>>E0sU?80cr>58eS2{H+vK&_AO%7b>&g_>b2NnMUL_Dru