When learning to do Capture the Flag (CTF) challenges, pen-testing or Ethical Hacking you regularly come across commands you would like to test. For sure you don’t want to be doing this against any production environment or even your test lab. I find the easiest solution is to use your own Docker Lab. You don’t have to be an expert to use docker. Just find somewhere to save the commands and you are good to go.
I will cover just the basics of Docker in this Write up and hope you find it useful. If you want to find out more, head on over to Docker web site
What is Docker?
Docker is an open source platform for building, deploying, and managing containerized applications. With just a few commands we can spin up “WordPress”, “Jenkins”, “FTP”, “SSH”, “MySQL” and many many more servers. We can do this with ease and we can get rid of them just as quickly. It can keep our data independent from the docker container or, if we don’t care, our data can be disposable. It’s all your choice as our Docker Lab is for spinning up something quickly and not for keeping anything permanent.
As usual I will be using my BlackArch linux install that I did as part of my CTF beginners series. You can use any modern Linux Distribution for this, but I will focus on Arch Linux commands.
Installing Docker in ArchLinux is a breeze,
sudo pacman -S docker
Start and enable Docker
For my laptop I dont like to have docker running all the time, consuming resources, only when I choose to.
sudo systemctl start docker
However if you are ok with leaving it running all the time you can use the below command.
sudo systemctl enable -now docker
Add a user to docker Group
In order to have access to docker without all the sudo stuff it’s best to add your user to the docker group. (you have to re-login after this step)
usermod -G docker <username goes here>
Lets create a Docker lab
FTP is an old technologies, in fact it’s around since the early 1970s and is wildly insecure. However it pops up quite often in CTF challenges and if you take a look at netlas.io (see my write up) you can find many instances of it across the internet. I most certainly don’t encourage you to use it for transporting your data but it can be fun to play with.
It’s important that you create a ftp directory so your data becomes independent to the container.
mkdir -p ~/docker/ftp
Anything we put into this directory will be available in the ftp server.
docker run -it -d --rm --name ftplab \ -p 21:21 -p 21000-21010:21000-21010 \ -e USERS="testuser|letmein" \ -v ~/docker/ftp:/ftp \ delfer/alpine-ftp-server
Lets break down this command
- run -it -d, run a interactive docker container and demonize it.
- –rm, once the container is stopped its deleted.
- –name ftplab, Name of container so it can be recognized later .
- -e USERS=”testuser|letmein”, create some users for the ftp server.
- -p 21:21 -p 21000-21010:21000-21010, ports to be forward from docker container to the localhost.
- -v ~/docker/ftp:/ftp, mounts our newly created ftp directory into the container.
- delfer/alpine-ftp-server, name of the docker ftp image on docker.com.
Run docker ps to ensure the container is running.
You can now use FTP on your local host by typing,
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users a secure way to access a computer over an unsecured network.
The options for ssh docker image are less than that as the ftp. Only the ports to run ssh on must be specified.
docker run -d -p 2222:22 arvindr226/alpine-ssh
But we don’t know the root password I hear you say. This is true, but we can change it with the below code.
➜ docker docker exec -it some_sshd /bin/bash bash-4.3# passwd root Changing password for root New password: Bad password: too weak Retype password: passwd: password for root changed by root bash-4.3#
After all this is done you can connect to the ssh server with the command
ssh 127.0.0.1 -p 2222
WordPress is an open-source content management system which is incredibly popular among bloggers (me included). It can be really useful to have your own “WordPress” install to play with. I utilized it in my hydra article.
First we make our directory so to save the database and the “html” documents.
mkdir -p ~/docker/wordpress cd ~/docker/workpress
Pull down the docker image
docker pull workpress
And the main command to launch it.
docker run \ --name some_wordpress \ -p 8080:80 \ -v $(pwd)/wordpress:/var/www/html \ -d \ --rm wordpress
Open it up in “firefox” on http://127.0.0.1:8080 and Bingo we have a WordPress site.
I hope you found my mini introduction to my docker lab interesting. Leave some comments below if you thought it was of value.