docker for ctf

Docker for ctf

docker installation in the vps

Centos:

1

curl -sSL https://get.daocloud.io/docker | sh

Start the docker

1

systemctl start docker

Usage of container

-i交互式操作 -t终端 ubuntu镜像 /bin/bash交互式shell

1
2
3
4
5

docker pull ubuntu

docker run -it ubuntu /bin/bash

exit

后台运行
-d默认不会进入容器

1
2
3

docker run -itd --name ubuntu-test ubuntu /bin/bash

docker exec -it <containId> /bin/bash

run a web container

1

docker run -d -p 2333:80 -p 3308:3306 tutum/lamp

Usage of images

Get the images from DockerHub

1
2
3

docker pull [option] [Docker Registry 地址[:端口号]/]仓库名[:标签]

docker pull ubuntu:18.04

command for container

list containers

View the containers information

1
2
3
4
5

docker ps
docker ps -a
docker ps -l // list the latest container
docker ps -n=2 // list the last 2 containers

参数：

create containers

create -> run

1
2
3

docker create xxx

docker create [--name=xxx] xxx

create + run

后台型容器

1
2
3

docker run --name name -d -p [宿主机端口]:[容器端口] xxx

docker run --name nginx1 -d -p 8080:80 nginx

name: 创建容器的名字
-d 容器在后台运行
-p 将容器的端口[port2]映射到宿主机的端口[port1]

交互型容器

1
2
3

docker run --name xxx -it xxx /bin/bash

docker run --name=ubuntu1 -it ubuntu /bin/bash

-i 开发容器的标准输入(STDIN)
-t 为容器创建应该命令行终端
exit 可以退出终端

start and stop

1
2

docker start xxx
docker stop xxx

xxx->name/id

by default, the docker will not restart, --restart can be used to restart the container

1

docker run --restart=always --name nginx1 -d  -p 8080:80 nginx 

restart

1

docker restart [OPTIONS] CONTAINER XXX

delete/remove

1

docker rm xxx

batch remove

1

docker rm $(docker ps -a -q)

attach

For interactive containers.

1

docker attach xxx

The container would stop if exit.

process in the container

1

docker exec -it xxx /bin/bash

-i：交互式操作
-t：终端
-d：让容器在后台运行
-p：将容器内部使用的网络端口映射到我们使用的主机上
指定端口映射

1
2
3
4

ip:hostPort:containerPort
ip::containerPort
hostPort:containerPort
containerPort

It would not result in container stop if exit from the container.

container info

1
2
3
4
5

// view the internal processes in the container
docker top xxx

// view the container information
docker inspect xxx

The detail includes: id, container name, environment variable, command, host config, …
Some info can be viewed by set -f or --format.

1
2
3
4
5
6
7
8
9
10
11

// view the running status
docker inspect -f='{{.State.Running}}' xxx

// view the container ip
docker inspect -f='{{.NetworkSettings.IPAddress}}' xxx

// view the container name and id
docker inspect -f='{{.Name}} {{.ID}}' xxx

// view the host info
docker inspect -f='{{.HostConfig}} {{.ID}}' xxx

View the log

1
2
3
4

docker logs xxx

docker logs -f --tail=3 -t xxx

-f参数：跟踪日志输出
-t参数：显示时间戳
–tail：仅列出最新N条容器日志

1

docker run -d --name ubuntu1 ubuntu /bin/bash -c 'for((i=0;1;i++));do echo $1;sleep 1;done'

import and export

docker export把容器的文件系统以tar的格式导出到标准输出，使用>命令将其定位到目标文件 xxx.tar，将容器保存到本地后就可以通过网络等方法将tar包分享给他人

1

docker export xxx > xxx.tar

docker import
import a local tar as image
res: generated image; & tag

1
2
3

cat xxx.tar | docker import - xxx/ubuntu:v1.0

docker import url res:tag

Local image management

create container by images

1
2
3

docker images

docker run -itd --name [name] -p 8080:80 [containerId]

image

search image

1
2

docker search xxx
docker search java

pull images

1

docker pull xxx

we can assign the wanted image tag and Docker Registry address

1

docker pull reg.itmuch.com/java:7

list images

1

docker images

remove images

1

docker rmi xxx

Custom images using Dockerfile

FROM - Specify the base image

Many official images can be found in DockerHub

FROM scratch 不以任何镜像为基础，接下来所写的指令就是镜像的第一层

RUN

shell format RUN<命令>

1

RUN echo '<h1>Hello</h1>' > /usr/share/nginx/html/index.html

exec format RUN[“可执行文件”, “参数1”, “参数2”]
&&将各个命令串联、在行尾添加 \ 进行换行，行首 # 进行注释

1
2
3

RUN buildDeps = 'gcc libc6-dev make wget' \
            &&apt-get install xxx
            &&RUN wget xxxx

Build images

1
2
3

docker build [OPTIONS] <context path/url/->

docker build -t nginx:v1 .

Example

1
2

docker pull webgoat/webgoat-8.0
docker run -tp 8080:8080 webgoat/webgoat-9.0

1
2
3

docker pull acgpiano/sqli-labs
docker run -dt --name sqli-lab -p [port you set]:80 acgpiano/sqli-labs:latest

For CTF

no dockerfile

If there is only front-end, you can use nginx to build the image.

1
2
3
4
5
6
7

docker search nginx

docker pull xxx/nginx

docker run --name <container_name> --volume "$PWD/web0":/usr/share/nginx/html -d -p 5000:80 nginx

docker cp /var/www/html/filename container_id:/var/www/html

php enviroment:
linux+apache+mysql+php

1
2
3
4
5
6
7

docker search lamp

docker pull tutum/lamp

docker run --name <containerName> -d -p 2333:80 -p 3308:3306 tutum/lamp

docker cp /var/www/html/filename container_id:/var/www/html

With database

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

// Enter the container
docker exec -it container_id /bin/bash

// Connect the database and there is no password by default
mysql -u root

// Create database and use it
create database ctf;
use ctf;
// Create the user in database
create user user@localhost identified by 'pass';

// allocate privileges to users
grant all privileges on database.* to user@localhost;

// refresh/flush
flush privileges;

Or we can import the database by using .sql files.

Use & Write Dockerfile

FROM <镜像>
WORKDIR <工作目录路径>
COPY [–chown=:] <源路径1>… <目标路径>
RUN <命令行命令> docker构建时执行
CMD <shell命令>
EXPOSE <对外开放的端口>

In the directory the dockerfile in

1

docker build -t <name> .

docker-compose.yml

Using docker-compos.yml, we can build

Examples:

1
2
3
4
5
6
7
8

version: '3'

services:
  web:
    build: .
    restart: always
    ports:
      - "2333:80"

1
2
3
4
5
6
7
8
9
10
11

version: '2'
services:
  # 基本环境
  service: # 容器名字
    # build 该置顶目录下的dockerfile
    build: .
    # image指定build Dockerfile生成镜像的名称
    image: imageName
    ports:
      - 2002:80

versioin：版本号
services：配置
web：自定义标签
build：以dockerfile类型启动容器，后跟dockerfile的路径

Start it!

1

docker-compose up -d