This walkthrough builds an Ubuntu 16.04 target machine as the example.
First, pull any ubuntu16 image:
docker pull ubuntu:16.04
Install the tools:
# Create a container
docker run -it ubuntu:16.04 /bin/bash
# Switch the package mirror
sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.aliyun.com/g" /etc/apt/sources.list
# Update the package sources
apt-get update && apt-get -y dist-upgrade
# Install the 32-bit libraries and xinetd (the network daemon service program)
apt-get install -y lib32z1 xinetd build-essential python python-dev
# Return to the host
exit
Commit the container as an image so it can be reused next time:
docker commit CONTAINER_HASH pwn_server:16.04
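Create a ctf folder under home
and put five files in it.
When the target machine is created, these 5 files are placed in its /home/ctf folder.
Among them:
pxi is the xinetd script, which configures the pwn challenge service: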
service pwn
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    type = UNLISTED
    port = 8888
    bind = 0.0.0.0
    server = /usr/sbin/chroot
    server_args = --userspec=ctf:ctf / timeout 30 ./home/ctf/pwn
    banner_fail = /etc/banner_fail
    # safety options
    per_source = 10 # the maximum instances of this service per source IP address
    rlimit_cpu = 60 # the maximum number of CPU seconds that the service may use
    rlimit_as = 1024M # the Address Space resource limit for the service
    #access_times = 2:00-9:00 12:00-24:00
    #Instances = 20 #process limit
    #per_source = 5 #link ip limit
    #log warning die
    log_on_success = PID HOST EXIT DURATION
    log_on_failure = HOST ATTEMPT
    log_type =FILE /var/log/myservice.log 8388608 15728640
}
start.sh is the script that runs when the container starts:
#!/bin/sh
useradd -m ctf
sleep 2
chmod 555 -R /home/ctf
cp /home/ctf/pxi /etc/xinetd.d/pwn
/etc/init.d/xinetd restart
trap : TERM INT; sleep infinity & wait
# /bin/sh
find_flag is the pwn challenge. The path at the end of server_args in pxi has to point at the challenge binary.
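To check the isolation settings in pxi before exposing the port, here is an added example (not part of the original post) that parses a service block and reports missing safeguards. The names parse_service and audit are hypothetical, the sample is a trimmed copy of the pxi file above, and text after a # is treated as a comment, as that file uses it.

```python
import re
import shlex

# Constructed sample: a trimmed copy of the pxi service block shown on this page.
SAMPLE_PXI = """\
service pwn
{
    disable = no
    user = root
    type = UNLISTED
    port = 8888
    server = /usr/sbin/chroot
    server_args = --userspec=ctf:ctf / timeout 30 ./home/ctf/pwn
    per_source = 10 # the maximum instances of this service per source IP address
    rlimit_cpu = 60 # the maximum number of CPU seconds that the service may use
    rlimit_as = 1024M # the Address Space resource limit for the service
    #Instances = 20 #process limit
    log_on_failure = HOST ATTEMPT
}
"""

def parse_service(text):
    """Return {attribute: value} for one xinetd service block."""
    attrs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # assumption: '#' never occurs in a value
        m = re.match(r"(\w+)\s*[+-]?=\s*(.*)$", line)  # xinetd uses =, += and -=
        if m:
            attrs[m.group(1)] = m.group(2).strip()
    return attrs

def audit(attrs):
    """Return findings for one service; an empty list means all checks passed."""
    findings = []
    args = shlex.split(attrs.get("server_args", ""))
    spec = next((a.split("=", 1)[1] for a in args if a.startswith("--userspec=")), "")
    # xinetd starts the server as root here; chroot --userspec must drop to another user.
    drops = attrs.get("server", "").endswith("/chroot") and spec.split(":")[0] not in ("", "root", "0")
    if attrs.get("user", "root") == "root" and not drops:
        findings.append("challenge process keeps root")
    if "timeout" not in args:
        findings.append("no timeout wrapper around the binary")
    for key in ("per_source", "rlimit_cpu", "rlimit_as"):
        if key not in attrs:
            findings.append("missing " + key)
    return findings

if __name__ == "__main__":
    print(audit(parse_service(SAMPLE_PXI)))
```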
Once everything is ready, use the image from earlier to create the target container:
docker run -p $PORT:8888 -v `pwd`:/home/ctf -it $IMAGE_NAME /bin/sh
$PORT is the port to expose and $IMAGE_NAME is the image.
After creating the container, test it.
