docker for ctf
Docker installation on a CentOS VPS:

```bash
curl -sSL https://get.daocloud.io/docker | sh
```

Start Docker
Usage of container

-i: interactive operation; -t: terminal; ubuntu: the image; /bin/bash: interactive shell

```bash
docker pull ubuntu

docker run -it ubuntu /bin/bash

exit
```

Run in the background: with -d, the container is not entered by default.

```bash
docker run -itd --name ubuntu-test ubuntu /bin/bash

docker exec -it <containerId> /bin/bash
```
run a web container

```bash
docker run -d -p 2333:80 -p 3308:3306 tutum/lamp
```
Usage of images

Get the images from DockerHub

```bash
docker pull <repository name>

docker pull ubuntu:18.04
```
command for container

list containers

View the containers' information

```bash
docker ps

docker ps -a

docker ps -l

docker ps -n=2
```
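Parameters:

| Parameter | Meaning |
| --- | --- |
| CONTAINER ID | Container ID, a unique identifier; a 64-digit hexadecimal integer |
| IMAGE | The image used to create the container |
| COMMAND | The last command run in the container |
| CREATED | The time the container was created |
| STATUS | The state of the container |
| PORTS | The ports the container exposes to the outside |
| NAMES | The name of the container; it has a default value |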
create containers

create -> run

```bash
docker create xxx

docker create [
```
create + run
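Background containers

--name: name of the container to create; -d: run the container in the background; -p: map the container's port [port2] to the host's port [port1]

Interactive containers

```bash
docker run --name xxx -it xxx /bin/bash

docker run --name=ubuntu1 -it ubuntu /bin/bash
```

-i: open the container's standard input (STDIN); -t: create a command-line terminal for the container; exit: leave the terminal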
start and stop

```bash
docker start xxx
docker stop xxx
```

xxx is the container name or ID.

By default, Docker does not restart a container automatically; --restart can be used to set a restart policy.

```bash
docker run --restart=always --name nginx1 -d -p 8080:80 nginx
```
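| Flag | Result |
| --- | --- |
| no | Default; the container is not restarted automatically |
| on-failure[:max-retries] | Restart after an abnormal exit; optional parameter: maximum number of restarts |
| always | Always restart the container; a restart is attempted whatever state the container was in |
| unless-stopped | Always restart the container, except that when the Docker daemon starts, a container that had been stopped is not restarted |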
restart

```bash
docker restart CONTAINER XXX
```

delete/remove

batch remove

```bash
docker rm $(docker ps -a -q)
```
attach

For interactive containers. The container stops if you exit.

process in the container

```bash
docker exec -it xxx /bin/bash
```

-i: interactive operation; -t: terminal; -d: run the container in the background; -p: map the network port used inside the container to the host we are using.

Specifying the port mapping:

```
ip:hostPort:containerPort
ip::containerPort
hostPort:containerPort
containerPort
```

Exiting from the container does not stop it.
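
The four -p forms above differ in which host address Docker binds, and that decides who can reach the service. The script below is an added example, not part of the original post: it classifies a -p argument and reports database ports that a run command publishes on every interface, as the tutum/lamp command on this page does for MySQL. The function names and the watch list of ports are assumptions.

```shell
#!/bin/sh
# Added example: IPv4 forms only; port ranges and [IPv6] addresses are not handled.
# Prints "<host ip> <host port> <container port> <scope>" for one -p argument.
classify_publish() {
  spec=${1%/*}                        # drop an optional /tcp or /udp suffix
  case $spec in
    *:*:*) ip=${spec%%:*}; rest=${spec#*:}           # ip:hostPort:containerPort
           host=${rest%%:*}; cont=${rest#*:} ;;      # hostPort may be empty
    *:*)   ip=; host=${spec%%:*}; cont=${spec#*:} ;; # hostPort:containerPort
    *)     ip=; host=; cont=$spec ;;                 # containerPort
  esac
  [ -n "$ip" ]   || ip=0.0.0.0        # no ip given: Docker binds every interface
  [ -n "$host" ] || host=random       # no host port: Docker picks a free one
  case $ip in
    127.*)   scope=loopback-only ;;
    0.0.0.0) scope=all-interfaces ;;
    *)       scope=single-address ;;
  esac
  echo "$ip $host $cont $scope"
}

# Walk a "docker run ..." argument list and report database ports
# (MySQL, PostgreSQL, Redis: an assumed watch list) published on every interface.
audit_run() {
  prev=
  for arg in "$@"; do
    if [ "$prev" = -p ] || [ "$prev" = --publish ]; then
      out=$(classify_publish "$arg")
      scope=${out##* }; out=${out% *}; cont=${out##* }
      case "$cont/$scope" in
        3306/all-interfaces|5432/all-interfaces|6379/all-interfaces)
          echo "review: -p $arg publishes container port $cont on every interface" ;;
      esac
    fi
    prev=$arg
  done
}

# The page's LAMP command: only the MySQL mapping is reported.
audit_run docker run -d -p 2333:80 -p 3308:3306 tutum/lamp
```

Writing the mapping as `-p 127.0.0.1:3308:3306` keeps MySQL reachable from the host only, and the audit then prints nothing for it.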
container info

```bash
docker top xxx

docker inspect xxx
```

The details include: id, container name, environment variables, command, host config, … Some of the info can be viewed by setting -f or --format.

```bash
# view the running status
docker inspect -f='{{.State.Running}}' xxx
# view the container ip
docker inspect -f='{{.NetworkSettings.IPAddress}}' xxx
# view the container name and id
docker inspect -f='{{.Name}} {{.ID}}' xxx
# view the host info
docker inspect -f='{{.HostConfig}} {{.ID}}' xxx
```
View the log

```bash
docker logs xxx

docker logs -f --tail=3 -t xxx
```

-f: follow the log output; -t: show timestamps; --tail: list only the latest N container log lines

```bash
docker run -d --name ubuntu1 ubuntu /bin/bash -c 'for((i=0;1;i++));do echo $i;sleep 1;done'
```
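import and export

docker export writes the container's filesystem to standard output in tar format; use > to redirect it to the target file xxx.tar. Once the container is saved locally, the tar archive can be shared with others, for example over the network.

```bash
docker export xxx > xxx.tar
```

docker import: import a local tar as an image. res: the generated image; tag: its tag

```bash
cat xxx.tar | docker import - xxx/ubuntu:v1.0

docker import url res:tag
```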
Local image management

create container by images

```bash
docker images

docker run -itd --name [name] -p 8080:80 [imageId]
```

image

search image

```bash
docker search xxx
docker search java
```

pull images

We can specify the wanted image tag and the Docker Registry address.

```bash
docker pull reg.itmuch.com/java:7
```
list images
remove images
Custom images using Dockerfile

FROM - Specify the base image

Many official images can be found in DockerHub.

FROM scratch: not based on any image; the instructions written next become the first layer of the image.

RUN

shell format: RUN <command>

```dockerfile
RUN echo '<h1>Hello</h1>' > /usr/share/nginx/html/index.html
```

exec format: RUN ["executable", "arg1", "arg2"]

Use && to chain commands, add \ at the end of a line to continue on the next line, and start a line with # to write a comment.

```dockerfile
RUN buildDeps='gcc libc6-dev make wget' \
    && apt-get install xxx \
    && wget xxxx
```

Build images

```bash
docker build [OPTIONS] <context path/url/->

docker build -t nginx:v1 .
```
Example

```bash
docker pull webgoat/webgoat-8.0
docker run -tp 8080:8080 webgoat/webgoat-8.0
```

```bash
docker pull acgpiano/sqli-labs

docker run -dt --name sqli-lab -p [port you set]:80 acgpiano/sqli-labs:latest
```
For CTF

no dockerfile

If there is only a front end, you can use nginx to build the image.

```bash
docker search nginx

docker pull xxx/nginx

docker run --name <container_name> --volume "$PWD/web0":/usr/share/nginx/html -d -p 5000:80 nginx

docker cp /var/www/html/filename container_id:/var/www/html
```

PHP environment: linux+apache+mysql+php

```bash
docker search lamp

docker pull tutum/lamp

docker run --name <containerName> -d -p 2333:80 -p 3308:3306 tutum/lamp

docker cp /var/www/html/filename container_id:/var/www/html
```
With database

```bash
# Enter the container
docker exec -it container_id /bin/bash

# Connect to the database; there is no password by default
mysql -u root
```

```sql
-- Create the database and use it
create database ctf;
use ctf;

-- Create the user in the database
create user 'user'@'localhost' identified by 'pass';

-- Grant privileges on the ctf database to the user
grant all privileges on ctf.* to 'user'@'localhost';

-- Reload the privilege tables
flush privileges;
```

Or we can import the database by using .sql files.
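Use & Write Dockerfile

```dockerfile
FROM <image>
WORKDIR <working directory path>
COPY [--chown=<user>:<group>] <source path 1>... <destination path>
# RUN is executed at docker build time
RUN <command-line command>
CMD <shell command>
EXPOSE <port to expose>
```

In the directory that contains the Dockerfile:

```bash
docker build -t <name> .
```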
docker-compose.yml

Using docker-compose.yml, we can build

Examples:

```yaml
version: '3'

services:
  web:
    build: .
    restart: always
    ports:
      - "2333:80"
```

```yaml
version: '2'

services:

  service:
    build: .
    image: imageName

    ports:
      - "2002:80"
```

version: the version number; services: the configuration; web: a custom label; build: start the container from a Dockerfile, followed by the path to the Dockerfile
Start it!
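
The Dockerfile template, the docker-compose.yml examples and the .sql import mentioned above can be combined so that a challenge is rebuilt from files instead of by hand with docker cp and docker exec. The script below is an added example, not part of the original post: it writes such a challenge directory using the official php and mysql images rather than tutum/lamp. The image tags, file names, table and credentials are assumptions.

```shell
#!/bin/sh
# Added example: scaffold a PHP + MySQL challenge directory.
# Image tags, file names and credentials are assumptions; change them per challenge.
make_challenge() {
  dir=$1
  mkdir -p "$dir/src" || return 1
  echo '<?php echo "hello ctf";' > "$dir/src/index.php"

  # Web image: the FROM / RUN / WORKDIR / COPY / EXPOSE template filled in.
  cat > "$dir/Dockerfile" <<'EOF'
FROM php:8.2-apache
RUN docker-php-ext-install mysqli
WORKDIR /var/www/html
COPY --chown=www-data:www-data src/ .
EXPOSE 80
EOF

  # Schema and a read-only account, imported by the mysql image on first start.
  cat > "$dir/init.sql" <<'EOF'
CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(32));
INSERT INTO users VALUES (1, 'admin');
CREATE USER 'user'@'%' IDENTIFIED BY 'pass';
GRANT SELECT ON ctf.* TO 'user'@'%';
EOF

  # Only the web port is published. The db service has no "ports:" entry, so
  # MySQL is reachable from web over the compose network but not from outside.
  cat > "$dir/docker-compose.yml" <<'EOF'
version: '3'
services:
  web:
    build: .
    restart: always
    ports:
      - "2333:80"
  db:
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: change-me
      MYSQL_DATABASE: ctf
    volumes:
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro
EOF
}
```

After `make_challenge ./chal`, running `docker-compose up -d --build` inside `./chal` starts both services; the PHP code reaches the database at host name `db`.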