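# Base image.
# NOTE(review): the tag is mutable and Debian stretch is end-of-life, so
# rebuilds are not reproducible and the default apt sources may no longer
# resolve. Pin a digest and confirm the mirrors before rebuilding.
FROM debian:stretch-slim

# MAINTAINER is deprecated; the same contact is recorded as a label instead.
LABEL maintainer="Aymeric Sorek <aymericsorek@protonmail.com>"

# Locale: force the UTF-8 C locale for every process in the image.
ENV LANG=C.UTF-8 \
    LANGUAGE=C.UTF-8 \
    LC_ALL=C.UTF-8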
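# Refresh the package index, upgrade and install the tooling in ONE layer.
# An `apt-get update` cached in its own layer goes stale, and a later
# `apt-get install` then fails or pulls outdated packages. The index is
# removed in the same layer so it never lands in the image.
# NOTE(review): dist-upgrade plus unpinned package versions make the result
# depend on the build date.
RUN apt-get update \
    && apt-get dist-upgrade -y \
    && apt-get install -y \
        iputils-ping \
        nano \
        openssh-server \
        python2.7 \
        python3 \
        sudo \
        vim \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Account names used by the later steps. ENV values also persist into the
# running container's environment.
ENV user=puppet-master \
    admin=zetatech-maintenance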
# Deliberately vulnerable component: replace the distribution bash with the
# 4.2 package shipped in the build context (marked as Shellshock-vulnerable
# by the author).
# NOTE(review): the .deb comes from the build context without a checksum
# check, and it stays in this COPY layer even if /tmp is emptied later.
COPY bash_4.2+dfsg-0.1_amd64.deb /tmp/
RUN dpkg --install /tmp/bash_4.2+dfsg-0.1_amd64.deb
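# Runtime directory for sshd. -p keeps the build from failing if the
# directory already exists.
RUN mkdir -p /var/run/sshd

# Set the root password.
# NOTE(review): the password is hard-coded in this instruction, so it is
# recorded in the image history (`docker history`) and in every copy of this
# file; anyone who can pull the image can read it. If it has to stay private,
# feed it through a BuildKit secret mount instead.
RUN echo "root:0Prop-bonn2-itt-4Mere-judy-Midst-Tine1" | chpasswd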
# Create the two accounts: bash login shell, empty GECOS, no password prompt.
# ${admin} keeps its password disabled.
RUN adduser --disabled-password --gecos "" --shell /bin/bash \
        --home "/home/${admin}" "${admin}"

# ${user} gets its own account name as password -- presumably a deliberate
# weak credential for the exercise (confirm with the author).
RUN adduser --disabled-password --gecos "" --shell /bin/bash \
        --home "/home/${user}" "${user}" \
    && echo "${user}:${user}" | chpasswd
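# Sudo policy (marked "vulnerable" by the author, i.e. deliberately weak).
#  - lecture="never": suppress the first-use sudo lecture.
#  - ${user} may run /usr/bin/wget as user ${user} and/or group ${admin}.
# NOTE(review): delegating a general file-transfer tool through sudo hands the
# caller that identity's file access; outside this exercise, restrict sudo
# rules to purpose-built commands.
# `visudo -c` fails the build if the appended lines leave sudoers unparsable,
# which would otherwise only show up as a broken sudo at run time.
RUN echo 'Defaults  lecture="never"' >> /etc/sudoers \
    && echo "${user} ALL=(${user}:${admin}) /usr/bin/wget" >> /etc/sudoers \
    && visudo -c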
# SSH daemon configuration and login banner. Their contents are not part of
# this file and need their own review.
COPY ./sshd_config /etc/ssh/sshd_config
COPY ./banner /etc/banner

# Public key accepted for ${user}. Ownership and modes of .ssh are set by the
# permissions step that follows.
RUN mkdir -p "/home/${user}/.ssh"
COPY ./maintenance.pub /home/${user}/.ssh/authorized_keys
# Lock down ${user}'s home and adjust /tmp.
#  - home tree: r-x for owner and group, nothing for others (recursive)
#  - .ssh: owned by ${user}, r-x for the owner only
#  - authorized_keys: read-only for the owner
#  - /tmp: mode 1773 -- sticky, writable and searchable by everyone, but
#    listable only by owner and group
RUN chmod -R 550 "/home/${user}" \
    && chown -R "${user}:${user}" "/home/${user}/.ssh" \
    && chmod 500 "/home/${user}/.ssh" \
    && chmod 400 "/home/${user}/.ssh/authorized_keys" \
    && chmod 1773 /tmp
# Challenge notes (the flags). Both are root-owned with mode 740, so only
# root and the owning group can read them:
#  - client.note -> group ${user}
#  - tech.note   -> group ${admin}
COPY ./client.note /home/${user}/
COPY ./tech.note /home/${user}/

RUN chown "root:${user}" "/home/${user}/client.note" \
    && chown "root:${admin}" "/home/${user}/tech.note" \
    && chmod 740 "/home/${user}/client.note" "/home/${user}/tech.note"
# Script run for SSH sessions (per the original comment; how it is invoked is
# defined outside this file -- confirm against sshd_config / authorized_keys).
# root-owned with group ${user} and mode 750: the group can read and execute
# it but cannot modify it.
COPY ./status.sh /home/${user}/
RUN chmod 750 "/home/${user}/status.sh" \
    && chown "root:${user}" "/home/${user}/status.sh"
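# Remove package leftovers and temporary files.
# -y is required: without it apt-get asks for confirmation and aborts in a
# non-interactive build whenever there is something to remove.
# NOTE(review): files deleted here still exist in the earlier layers that
# created them (including the bash .deb copied into /tmp), so this step
# neither shrinks the image nor hides those files from someone who has it.
RUN apt-get autoremove -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*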
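# Start-up script: rwx for root and its group, no access for others.
COPY start.sh /start.sh
RUN chmod 770 /start.sh

# SSH port. EXPOSE is documentation only; the port still has to be published
# at run time.
EXPOSE 22

# Absolute path, so the command does not depend on the working directory
# (the relative "./start.sh" only worked while the working directory was /).
# NOTE(review): no USER is set, so the container starts as root; what
# start.sh launches is not visible in this file.
CMD ["/start.sh"]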