Fully functionnal challenge
91
debian-ssh/Dockerfile
Normal file
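--- a/debian-ssh/Dockerfile
+++ b/debian-ssh/Dockerfile
@@ -0,0 +1,91 @@
+FROM debian:stretch-slim
+
+MAINTAINER Aymeric Sorek "aymericsorek@protonmail.com"
+
+
+# Environment
+ENV LANG C.UTF-8
+ENV LANGUAGE C.UTF-8
+ENV LC_ALL C.UTF-8
+
+
+# Update and upgrade
+RUN apt-get update \
+&& apt-get dist-upgrade -y
+
+# Environnement
+ENV user puppet-master
+ENV admin zetatech-maintenance
+
+
+# Install packets
+RUN apt-get install -y wget \
+openssh-server \
+vim \
+nano \
+python2.7 \
+python3 \
+sudo \
+iputils-ping
+
+
+# Bash vulnerable install (Shellshock)
+COPY bash_4.2+dfsg-0.1_amd64.deb /tmp/bash_4.2+dfsg-0.1_amd64.deb
+RUN dpkg -i /tmp/bash_4.2+dfsg-0.1_amd64.deb
+
+
+RUN mkdir /var/run/sshd
+
+# Change root password
+RUN echo "root:0Prop-bonn2-itt-4Mere-judy-Midst-Tine1" | chpasswd
+
+# Adduser
+RUN adduser --home /home/${admin} --shell /bin/bash --disabled-password --gecos "" ${admin}
+RUN adduser --home /home/${user} --shell /bin/bash --disabled-password --gecos "" ${user} \
+&& echo ${user}":"${user} | chpasswd
+
+# Sudo (vulnerable)
+RUN echo 'Defaults lecture="never"' >> /etc/sudoers
+RUN echo ${user}" ALL=("${user}":"${admin}") /usr/bin/wget" >> /etc/sudoers
+
+# SSH files
+RUN mkdir -p /home/${user}/.ssh
+COPY ./sshd_config /etc/ssh/sshd_config
+COPY ./maintenance.pub /home/${user}/.ssh/authorized_keys
+COPY ./banner /etc/banner
+
+# Configure permissions
+RUN chmod -R 550 /home/${user} \
+&& chown -R ${user}:${user} /home/${user}/.ssh \
+&& chmod 500 /home/${user}/.ssh \
+&& chmod 400 /home/${user}/.ssh/authorized_keys \
+&& chmod 773 /tmp \
+&& chmod +t /tmp
+
+
+# Copy Flag and set permissions
+COPY ./client.note /home/${user}/client.note
+COPY ./tech.note /home/${user}/tech.note
+
+RUN chown root:${user} /home/${user}/client.note \
+&& chmod 740 /home/${user}/client.note \
+&& chown root:${admin} /home/${user}/tech.note \
+&& chmod 740 /home/${user}/tech.note
+
+
+# Copy ssh exec file and set permissions
+COPY ./status.sh /home/${user}/status.sh
+RUN chown root:${user} /home/${user}/status.sh \
+&& chmod 750 /home/${user}/status.sh
+
+# Clean up
+RUN apt-get autoremove
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Launch service
+COPY start.sh /start.sh
+RUN chmod 770 /start.sh
+CMD ["./start.sh"]
+
+# Open ports
+EXPOSE 22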
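Review bot: The root password is written in clear text in the `RUN echo "root:…" | chpasswd` step, so it is stored both in the repository and in the image's layer metadata, where anyone who can pull the image can read it with `docker history`. The intended weaknesses of the challenge (the Shellshock bash package and the sudoers wget rule) are labelled as such in comments, but this line is not, so the exposure looks unintended. If root never needs to log in, replace the step with `RUN passwd -l root`; otherwise pass the value through a BuildKit secret, `RUN --mount=type=secret,id=root_pw chpasswd < /run/secrets/root_pw`, where the secret file holds the `root:<password>` line. Separately, `apt-get install` runs in a different layer from `apt-get update`, so a cached update layer can leave the install resolving against stale package lists; chaining both in one `RUN` avoids that.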